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‘L hanks, Warehouse. 


Warehouse does two things. Move and manipulate data. test and decision support databases. Think of the 
Almost anywhere. No programming needed. advantages. No downtime. No big intermediate flat files. 
If you need to cross HP, UNIX or VAX platforms. Or And total platform transparency. 
move between Image, Oracle, DBMS and other databases Hundreds of companies depend on Warehouse. And 
or applications. No problem. If you need to migrate legacy —_ Taurus is a certified “HP User Reference” company as well 
data across the network straight into relational databases. as a participant in the “Oracle Business Alliance Program.” 
Done. It arrives as native data. So if you move data, now there’s a real solution. 
Data warehousing is just as easy. In minutes, you can Warehouse from Taurus. Call today for details. 
archive and retrieve selected data from any media. Make Because Warehouse moves data. 


1032 Elwell Court, Palo Alto, CA 94303 
Phone: 415-961-1323 x100 + Fax: 415-961-1454 + E-mail: sales@taurus.com +» Web: www.taurus.com 


CIRCLE 123 ON READER SERVICE CARD 


_ The only difference 
is the money you save. 


V Jith 17 years of knowledgeable experience : monitors, memory and interfaces, as well as 
" and reliable service, Monterey Bay Commu- a variety of printers. 

nications is a leader in Hewlett-Packard workstation > All equipment is warranteed and eligible for 
remarketing. We're professionals at pro- Hewlett-Packard maintenance. An 
viding HP 1000 and 9000 users with extensive parts and spares inventory 


reliable equipment that is functionally — and knowledgeable staff ensure 
and cosmetically identical to what HP Support / Tech Expertise prompt service and immediate 
offers — and at substantial cost savings. Lana delivery. 

7 Maintenance Eligibility rT ; 
In addition to the 700 / 400 / 300 / 200 Substantial Cost Savings For more detailed information or 
series, Monterey Bay Communications Simple Order Processing a price quotation, give MBC a call at 
also offers mass storage systems, cai 408/429-6144. 


Monterey Bay Communications Inc., 1010 Fair Avenue, Santa Cruz, CA 95060 Tel: 408-429-6144 Fax: 408-429-1918 
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CIRCLE 96 ON READER SERVICE CARD 
WINSOCK COMPLIANT ¢ KEYBOARD REMAPPING e 32 BIT ARCHITECTURE 
e DDE & OLE AUTOMATION © NETWORK FILE TRANSFER (FTP & NFT) 
e RUNS ON DOS, MACINTOSH, WINDOWS, WINDOWS 95 & NT 


800/682-0200 


Internet address: sales@minisoft.com 


MINISOFT 


312 Maple Ave. Snohomish WA 98290 
European sales: MiniSoft Marketing AG 41.41.340 23 20 


MiniSoft 92 is a registered trademark of MiniSoft Inc. All other trademarks are the property of their respective owners. 


Tough to scale 


Protect your investment in tape 
backup equipment with the 
LibraryXpress system. Begin with 
a base module containing one or 
two DLT4000 or DLT7000 drives 
and 10 cartridges. This will pro- 
vide you with a storage capacity of 
up to 700 gigabytes and a data rate 
of 72 gigabytes per hour. 


Easy to scale 


Scale up with any combination 
of stackable modules. Choose 
from a performance module, with 
up to five drives, or a capacity 
module, with 16 cartridges. 


CIRCLE 33 ON READER SERVICE CARD 


The exclusive Global Control unit passes cartridges between modules, allowing any cartridge to 


access any drive in the system, for true maximum system performance. Up to nine modules can be 


combined to create the ultimate automated storage system. Network administrators can 


continually fine-tune LibraryXpress expansion by balancing the ratio of tape drives to cartridges. 


Optimal configurations based on individual capacity, performance and budget requirements are 


easily achieved without the need to lock into a vendor-defined growth path of only a few possible 


configurations. 


IEM is a full solution provider: 


Combine LibraryXpress with our excellent software backup choices Alexandria and DallasTools. 


IEM: Providing Solutions for a Lights-out Environment 


© 1997 Anis Inc. LX1.0497 


In the U.S. and Canada: 
. IEM, Inc., P.O. Box 1889 
Fort Collins, CO 80522 USA 


Phone: (970) 221-3005 
(800) 321-4671 
Fax: (970) 221-1909 


In the United Kingdom: 


IEM, Inc., Unit 6, Salisbury House, 
Wheatfield Way, Hinckley Fields, 
Hinckley, Leicester LE10 1YG 
+44 (0)1455 239000 
+44 (0)1455 239668 


Phone: 
Fax: 


email: info@iem.com 


All others: 

IEM International Sales 
1629 Blue Spruce Drive 
Fort Collins, CO 80524 USA 
Phone:  +[1] 970-221-3005 
Fax: +[1] 970-221-1909 


http://www.iem.com 


Before You Travel the 


Crowded Road of Memory Upgrades, 
Consider This: 


Centon’s experience: we've been in business for over 18 years. 
Centon’s selection: we carry over 1,500 different modules. 
Centon’s warranty: all products come with a lifetime guarantee 
- © Centon’s commitment: we're an authorized Apple Developer, 
a partner in IBM's warranty program. 
So why not bypass the other memory suppliers? Take the Memory Expre 
to unparalleled service, aggressive pricing and guaranteed product. 
After all, for memory upgrades, all roads lead to Centon Electronics, 


 & Pictured is a Centon manufactured memory 
A module for the Apollo 9000 Series. Call Centon 


= CENTON / a) today for pricing and memory configurations for other 
- _ where SS glase Hewlett-Packard compatible upgrades. 


1-800-836-1986 


CENTON 


Call Centon today to ge 4 
your free copy 6fvour _ : ELECTRONICS, INC. 
Electronic Memory Guide Centon Electronics, Inc. Irvine, CA (714) 855-9111 Fax (714) 855-6035 http://www.centor.com 
disk: a Plus.’ . Proudly distributed by: a 
_ : : 1 (800) 255-4489 AmeriQuest RAN 
- Centon and the Centori’ logo « are registered 1 (800) 223-7081 A 
trademarks of Centon Electronics, Inc. — . ne : MICRO 
other br and names and trademarks : | Ai M. E R I QUEST: Worldwide Distribution” 
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EDITORIAL SUBMISSIONS 


hp-ux/usr encourages readers to contribute their opinions, tips, 
and solutions. When sending letters for publication or to request 
author contribution guidelines, please address them to hp-ux/usr 
editor Michael Ehrhardt. 


Postal Address: Office Address: 
Interex 1192 Borregas Avenue 
P.O, Box 3439 Sunnyvale, CA 94089 


Sunnyvale, CA 94088-3439 


Because of the difference in zip codes between our office address 
and P.O. Box, please be sure to address all regular mail to the 
P.O. Box. Any express service packages should be delivered to 
the Borregas Avenue address. Thank you for your attention to 
this small but significant detail. 


TELEPHONE: 


The Interex switchboard is open 8:00 a.m.—5:00 p.m., Pacific 
Time. Call 800.468.3739 (U.S. and Canada) or 408.747.0227. 
After 5:30 p.m. our voicemail system will record your call. 
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Call 408.747.0947 


INTERNET: 


To send e-mail to Interex, use the following address format: 
<I[Dname>@interex.org 
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ehrhardt hp-ux/usr Letters to the Editor, 

Q&A, and requests for author guidelines 
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membership Membership/subscription inquiries and services 
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conference Conference questions and arrangements 
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Anything before the @ sign is case insensitive. 


COMPUSERVE: 


Interex can be contacted via the CompuServe <> Internet 
gateway. To send CompuServe mail, use the following format: 


>INTERNET: pubs@interex.org 


You can address your mail to specific departments using the ID's 
listed above. 

Interex maintains a CompuServe account that is collected daily. 
Please address all messages to ID no. 76376, 1222. 


interex 
Shared Knowledge. 
Shared Power. 


As a not-for-profit association of HP computing professionals, 
Interex is dedicated to meeting the information, education, and 
advocacy needs of its members worldwide. 


In today’s world of rapidly changing technology, Interex puts 
hands-on solutions to hardware, software, and operating system 
problems at your fingertips. Because members actively contribute— 
exchanging ideas and sharing solutions—Interex is a vital link in 
the transfer of HP expertise. 


Operating independently from Hewlett-Packard, Interex has more 
than 20 years of serving HP computing professionals. Through its 
publications, conferences, and volunteer committee structures, 
Interex has the qualifications to represent you, a valuable member of 
the HP user community. 


Interex® is a trademark registered in the U.S. Patent and trademark office. 


Using NFS to Connect PCs to UNIX? 


Is your PC-based NFS solution providing less-than- Protocol Independence: TAS includes NetBEUI, 
expected performance? With TotalNET Advanced NetBIOS, TCP/IP, IPX/SPX, and AppleTalk protocols 
Server (TAS) software, you can share files, printers, for compatibility with most native client computers. 


and applications among Windows (3.x, 95, NT), 


NetWare, OS/2, Macintosh and UNIX computers No Additional User Training: TAS emulates all popular 


without adding or changing anything to the PC LANs, enabling users to connect to the 


client computer. server and share resources in each client's 


own environment. 
TotalNET Advanced Server delivers distinct 


advantages over PC-based NFS solutions: Test drive the TotalNET answer to high- 


performance networking. Call or visit our 


Reduced Administration: TAS installs directly website today for a free network evaluation. 
on and is administered from the server, greatly 


reducing time spent on LAN administration. 


File Integrity: TAS offers precise file and record locking SYNTAX 


for all network operating systems it supports. 
0 6 8 3 8 262 6 
t 


ttp://www.syntax.com 
CARD 


All trademarks of companies whose products are referenced are hereby recognized. 
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Editor's Notes 


Spring has sprung, more or less, and activities here at the Interex office pick up as we head 
into the conference season. The InterWorks conference in Philadelphia is only a couple of weeks 
away as this issue goes to press. HP World ’97 will have a strong HP-UX track—the list on 
the opposite pages gives you an idea of just some of the more than 120 HP-UX sessions you 
can attend at the August 24-28 conference in Chicago. 

FAST (Freely Available Software Technology) is a very exciting project under way now. 
InterWorks and Interex have been working together to deliver packages that bundle func- 
tional software that is useful for end users and easy to install and maintain for system admin- 
istrators. The first package bundles the top 100 packages from the user community, ported 
to HP-UX 10.x. Be sure to read Paul Gerwitz’s CSL Perspective for more information on 
FAST. 

As I write this, Sun Microsystems is preparing to unveil new features of Java that will make 
the language more appealing to those who depend on servers and computer networks. If 
you have been coding in C and C++ and are thinking of giving Java a try, you'll want to read 
Fred Chew’s article on Java programming for the C++ savvy. There are plenty of similarities 
and the shift should be easy, but you need to remain alert to certain key differences in style 
and syntax. 

Sys admin expert Marty Poniatowski is doing a series of articles on NT and HP-UX inter- 
operability. Microsoft has been touting NT as a server OS and certainly we are seeing more 
and more NT machines mixing with HP-UX systems. Marty starts off by showing how you can 
get the X Window System up and running on the NT box, integrating the NT workstation with 
the HP-UX system so you can take full advantage of the two systems working in concert. 

This issue’s cover feature is from data comm and security specialist John Pezzano. He has 
had a lot of experience in the security arena. His article is a full check list of questions about 
security—things end users, managers, and system administrators should ask themselves about 
security in their organizations. We all know how important security is, but how seriously do we 
take it? John’s article provides a sharp focus on this critical issue. 


WW. Onebud 


Michael Ehrhardt 
Managing Editor 
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KEEPING YOU A STEP AHEAD 


Get the HP-UX training 
and information you 
need to succeed. 


world of HP-UX solutions will 
A be at the Chicago Navy Pier 

between August 24 and 28. 
If you've an HP-UX user, you'll get 
time-critical, hands-on information 
at a vanety of skill levels. It’s the 
largest and most comprehensive HP 
event of the year, so don’t miss out. 
You'll gather big picture perspectives, 
detailed technical tips, and up-to-the- 
minute product information through: 


YW Main Conference Sessions 
V Training Seminars 


V The largest HP-Related Expo 
of the Year 


V Management Symposium 
Vv Manufacturing Symposium 
Vv Keynote Addresses 


<= Keynote 


Address 


| by Rick Belluzzo 


Executive Vice President 
and General Manager, Computer 
Organization, Hewlett-Packard Co. 


will focus on HP-UX 
issues, including: 


V Reliable Enterprise Administrative 
Workflow 

Vv Implementing NFS in HP-UX Release 
10.30 

Vv How to Choose the Right HP-UX 
Patches for My System 

Vv New Developments for 10.x 
Filesystems 

v Enterprise Desktop Management 

Vv What's New with HP-UX? Threads, 
64-bits, 2000 and the Future 

Vv Service Management with 
MeasureWare and PerfView 

Vv HP-UX & Windows NT: How to Select 
the Right Server 

VY Making the Transition from C++ to 
Java 

Vv A First Look at Netware for HP-UX 4.1 
Performance 

Vv Windows NT and HP-UX Integration 
Using Advanced Server/9000 

Vv HP-UX & Windows NT Integration: 
How to Make the Mixed Environment 
Work 

v Internet Protocol (IP) Security 
Framework 

Vv Secure Highly Available Transactions 
Over the Enterprise 

Vv Performance Analysis of HP-UX 
Systems Using Glance 

Vv Developing Patching Strategy for 
HP-UX 10.0 


HP 


More than 120 sessions 


7 


August 24-28, 1997 
Chicago * Navy Pier 


Featuring more than 200 HP-related exhibitors, the 
HP World ’97 Expo is expected to attract more than 
&,000 attendees. 


Vv MeasureWare and PerfView for 
Windows NT 

Vv How to Leverage Your Existing 
Applications on the Web 

VY Working with Netscape Enterprise 
Server on HP-UX 

VY Managing UNIX Startup and 
Shutdown Scripts 

V Intranet as a Corporate 
Communications Tool 

¥ An Introduction to System 
Maintenance Functions for 
HP 9000 Servers 

VY Viruses, Trojan Horses, and other 
Vermin on UNIX 

V Taming UNIX—An Introduction to 
Performance Management for HP-UX 

V HP-UX System Performance 
Analysis 101 

Vv Data Warehousing on a Shoestring 
Budget 
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Product Focus 


DESIGNBASE Version 5.2 

An object-oriented solid and surface 
modeling engine, Ricoh Corporation’s 
DESIGNBASE has been used by soft- 
ware developers as a foundation for 
CAD and related applications. In its 
most recent release, Version 5.2, 
DESIGNBASE adds more advanced off- 
set and shelling functions, enhanced 
online documentation and C++ inter- 
face, and IGES solid read/write capa- 
bility. Traditionally a UNIX workstation 
tool, DESIGNBASE now supports 
Windows NT and Windows 95. 

Ron Hall, Ricoh’s DESIGNBASE sales 
manager for North America, said the 
modeling software’s extensive capabili- 
ties have enabled companies to create 
programs for commercial distribution 
as well as customized in-house software. 
“We have 500 commands and 2,000 
APIs,” Hall noted. For more than a 
decade, this robust development tool 
has dominated the market in Japan, 
where it is more common to custom- 
design software than to rely on com- 
mercial software, Hall explained. 

Commercial programs created using 
DESIGNBASE include the solids mod- 
ule in MICROCADAWM’s Helix design sys- 
tem. Ricoh continues 
to market DESIGN- 
BASE primarily for 
CAD/CAM use, but 
Hall revealed that 
some real-time virtual 
reality game and sim- 
ulations developers 
were considering using 
the tool for future 
development. 

Most notable of 
DESIGNBASE’s new 
features, said Hall, is the 
“extremely advanced 


offset and shelling functions,” which 
enable developers to “generate offsets 
automatically from existing topology, 
including face-sets with complex filleted 
intersections, or ‘collapsing topology’ 
situations.” Enhanced offset functions 
include shelling, sharp corner offset, 
round corner offset, and offset collapsing 
technology. Version 5.2 further utilizes its 
support for Gregory surfaces, which ease 
creation of smooth surface-to-surface 
connections, enable the modeling of com- 
plex free-form shapes, and provide high- 
ly flexible surfaces control. Developers 
can create free-form surfaces and com- 
plex solids with extruding, revolving, 
sweeping, blending, offsetting, rounding/ 
filleting, and interpolating, among other 
modeling operations. 

A key DESIGNBASE feature is its use 
of a unique technique called meta- 
modeling, which allows developers to 
build solid models by capturing, replay- 
ing, and editing sequences of modeling 
operations. These operations are dis- 
played in a graphical schematic history 
tree window, which allows developers to 
edit models with unlimited undo and 
redo, cut and paste, and point-and-click 
GO TO operations. 

Meta-modeling is but one facet of 
the tool’s ease of use. The prototyping 
and simulation functions are graphi- 
cal, and while development is done 
primarily through a command inter- 
face, DESIGNBASE’s extensive help 
system can guide users through code 
generation. Developers have instant 
access to the 2,000 API functions— 
from low-level routines like calculating 
intersection curves to high-level func- 
tions like rounding—throtgh context- 
sensitive help and an_ online 
documentation system that includes 
explanations of arguments, error 


messages, sample programs, and 
graphical examples. 

The tool’s graphical nature lends it 
to implementation on Windows NT 
quite well, but Ricoh’s primary reason 
for supporting Windows NT is the “sig- 
nificant increase” in developers’ inter- 
est in the platform. Hall observed that 
for many developers, “their next strate- 
gy for a product release is on NT.” In 
fact, he added, 95 percent of the devel- 
opers with whom he is in contact have a 
strategic focus on NT development. 

DESIGNBASE Version 5.2 is priced 
at $35,000 per seat. Site licenses and 
pricing discounts are available. Ricoh 
charges royalty fees for products devel- 
oped with DESIGNBASE for commer- 
cial distribution. 

Contact Ricoh Corporation, phone: 
(408) 954-5464, fax: (408) 954-5466. 


Michelle Pollace, hp-ux/usr New Products 
Editor, wntes Product Focus. 


Speedware OrderPoint 3.0 

Speedware OrderPoint 3.0 is a pack- 
aged Web development toolset that 
allows businesses to set up secure elec- 
tronic storefronts integrated with 
dynamic inventory and pricing records 
as well as payment and shipping infor- 
mation. With the recent introduction 
of Version 3.0, the product’s name was 
changed from the Speedware Store to 
OrderPoint because of Speedware’s 
shifting market focus, targeting mainly 
business-to-business concerns (primarily 
manufacturing and distribution) rather 
than retail. 

Designed for use in intranets and on 
the Internet, OrderPoint offers a point 
and-click interface, custom selection 
criteria, graphical icons, and a propri- 
etary keyword search engine that allows 


end users to select up to seven fields. It 
also features support for multiple pay- 
ment methods, international tax 
calculation options, and frame imple- 
mentation, which can be configured 
based on the user’s resolution. 

Users don’t need specialized pro- 
gramming to set up their storefronts, 
but those wishing to customize by incor- 
porating graphics or other elements can 
access the HTML code to do so. “We’ve 
built a very powerful back end and tried 
to give as many options as possible for 
how users want their site to look or oper- 
ate, yet allow them to effect those 
options simply by turning on a radio 
button or checking a box,” says Lori 
Ellsworth, director of marketing and 
business development for Speedware’s 
Internet applications. “We’ve also 
designed fairly extensive importing facil- 
ities, based on a flat file concept, so that 
if you have your data in some other 
source, it’s simple to import it into 
OrderPoint and make use of it right 
away, so you don’t have to do extensive 
data reentry.” 

OrderPoint is not just EDI with a 
pretty interface; it can be accessed with 
any Web browser. Users can set up sites 
accessible to the general public or only 
to certain individuals using login names 
and passwords. 

When it comes to security in elec- 
tronic commerce, Ellsworth says, there 
are two primary concerns. The first is 
operating in a secure environment and 
being able to authenticate users, and 
the second is providing secure financial 
transactions. OrderPoint can be 
deployed in secure environments sup- 
porting both SHTTP and SSL tech- 
nologies (the security layers in servers), 
so any information that’s entered is auto- 
matically encrypted. “If you have your 


electronic commerce application on a 
secure server, such as SHTTP or SSL, 
the next area of security is financial 
transactions,” according to Ellsworth. 
“We've chosen to connect to third-party 
products specifically designed for that 
purpose, one of which is CyberCash. We 
have integrated our application with 
CyberCash so that everything about an 
order is passed off to them. CyberCash 
is the first third-party vendor we’ve cho- 
sen to work with, but our strategy for 
incorporating current and future tech- 
nologies will be to continue to adopt 
those that become standard as they 
come along.” : 

Platforms supported include 
Windows NT, Windows 95, HP-UX, Sun 
Solaris, and IBM AIX. OrderPoint works 
with most databases, including Oracle, 
Informix, Sybase, SQL/Server, ALL- 
BASE, and ISAM. It is priced at $25,000 
for Windows NT and $30,000 for UNIX. 
Interactive demonstrations of Order- 
Point and other Speedware products 
are available at the company’s Web site 
(see address below). 

Contact Speedware Corporation, 
phone: (416) 408-2880, fax: (416) 408- 
2872, http://www.speedware.com. 


Teresa Thomas, freelance writer, contributed 
this Product Focus piece. 
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New Products 


Diagramming and Flowcharting 

Confluent, Inc. has announced Visual 
Thought 1.3, a diagramming and flow- 
charting tool that runs natively on both 
UNIX and Windows. 

Visual Thought provides over 100 
general and special-purpose shapes for 
applications such as software design, 
flowcharting, network diagrams, busi- 
ness graphics, or Web graphics. Users 
can “attach” an arbitrary program or file 
to any shape or connection, then run it 
by clicking on the attachment button. 
Sound annotations can be easily record- 
ed into shapes and edited with the full- 
featured, flexible sound editor. 

Drawing features include 100 levels 
of undo; a library of shapes arranged 
in dozens of drag-and-drop palettes; 
and rubberbanding connections. The 
“live” WYSIWYG feature shows users 
exactly what they’re doing, even while 
dragging objects. 

The plug-in export translator tech- 
nology in the new release allows users 
to export an entire document or just 
selected objects to a file from dozens of 
file formats, including: Encapsulated 
PostScript (EPS or EPSI), GIF, TIFF, 
JPEG, Sun Raster, XWD, and MIF 
(FrameMaker Interchange Format). 

Visual Thought 1.3 pricing starts at $495. 

Contanct Confluent, phone: (415) 
764-1000 or (800) 780-2838, fax: (415) 
764-1008, e-mail: info@confluent.com. 


Server Cluster Failover 

Conley Corporation has announced 
SafePath, which provides automatic 
error recovery for server-to-RAID data 
path failures. 

SafePath supports standard adapters, 
clustered (up to 4) servers, and dual-active 
data paths. It adds adaptive routing to a 
subsystem in order to monitor the con- 


dition of all data path components. 

In a cluster environment SafePath 
allows multiple hosts to access the same 
RAID subsystem. In addition, with active- 
active data paths, the software provides 
a substantial performance increase over 
traditional single bus configurations. 
Using SafePath, each host automatical- 
ly senses status changes in data paths, 
including RAID controllers, cables, and 
host bus adapters. A failure in any of 
these areas results in an immediate re- 
routing of I/O requests, and a complete 
data path recovery in seconds with no 
impact on server applications. After a 
data path has been restored SafePath 
allows for automatic failback. 

Contact Conley Corporation, 
phone: (212) 682-0100, fax: (212) 
682-0071, e-mail: info@conley.com, 
http://www.conley.com. 


Windows and UNIX Integration 
FacetCorp has announced FacetWin 
Version 1.1, a Windows-to-UNIX inte- 
gration solution including transparent 
file and print services, terminal emula- 
tion, PC backup/restore, e-mail and 
modem servers and remote computing 
support. FacetWin Version 1.1 is imme- 
diately available and includes enhanced 
server and terminal emulator features. 
FacetCorp based the file and print 
services in FacetWin upon the Common 
Internet File System (CIFS) formerly 
known as SMB. This is the primary sys- 
tem that Microsoft Windows uses for 
networking PCs. FacetWin’s UNIX CIFS 
server requires no additional software 
to be loaded on the PC to get com- 
pletely transparent file and print ser- 
vices. The only part of FacetWin to run 
on the PC is the terminal emulator, 
which was designed as a native 32-bit 
application for Windows 95 or NT. 


TAMING UNIX 


An Introductory Guide to Performance Management 
for the HP-UX System Administrator 


By Robert A. Lund 


You, the humble and righteous system administrator, Whilist in the midst of performing your duties, 
are nearly overcome by a herd of renegade daemons. 


Some of the Topics Covered Include: 
@ Hardware/Application Interplay @ Memory Management @ Load Balancing Techniques 
@ Capacity Planning @ HP-UX Kernal Tables @ Disk Space Management 


“In this book, Bob Lund offers a common sense approach to the sometimes mysterious topic of UNIX system performance. 
Recommended reading for all system administrators. A great addition to any data processing professional’ toolbox.” 
LEROY RUGGERIO 
Informational Technology Engineer, Data Based Systems CIRCLE 62 ON READER SERVICE CARD 


Call and order your copy today! 


enti ENam? (541) 926-3800 


PERFORMANCE SOLUTIONS 240 Second Ave. SW © Albany, OR 97321 # Phone (541) 926-3800 © Fax (541) 926-7723 


Performance Beyond Expectation — e-mail: info@lund.com ° Visit or web site at: www.lund.com 


FacetWin Version 1.1 is immediately 
available and is free to existing licensed 
users, as is technical support. Any 
FacetWin licensed customer may down- 
load and use this version without re- 
registering the software. Pricing remains 
at $195 for a single-user license of Facet- 
Win with multiple-user discounts. A free, 
30-day evaluation copy is available. 
FacetWin Version 1.1 can be down- 
loaded from hitp://www.facetcorp.com. 

Contact FacetCorp, phone: (972) 
985-9901. 


Web-based Helpdesk 

UniPress 
announced Java capability for its 
FootPrints helpdesk for UNIX and 
Windows NT. The helpdesk system 
records and tracks problems, solutions, 


Software, Inc. has 


bugs, and related information and makes 
that information available to anyone with 
access to the Internet or Intranet. 
FootPrints enables customer support 
professionals and users to take immedi- 
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ate advantage of the Internet’s benefits: 
global access, self-service, faster response 
times, and immediate feedback. Adding 
the Java applet makes it even easier to 
manage FootPrints sessions, to manage 
the Web browser, and to manage infor- 
mation. The FootPrints ControlPad 
option provides users with pointand-click 
access to all FootPrints functions. It also 
launches a FootPrints session in a sepa- 
rate browser window, leaving the original 
browser available to run other functions. 

An evaluation copy of FootPrints can 
be downloaded from http://www.uni- 
press.com/cgi-bin/free_evals. 

The FootPrints Starter Pack includes 
the server software and three licenses and 
is priced at $1,995. Additional licenses 
are available at $495 each. FootPrints 
requires a Windows NT or UNIX-based 
Web server and supports all Web 
browsers. 

Contact UniPress Software Inc., 
phone: (800) 222-0550 or (908) 287- 
2100, e-mail: info@unipress.com. 


C-Kermit 

C-Kermit 6.0 is a major new release of 
C-Kermit communications software for 
HP-UX (all versions from 5.21 to 10.30) 
and all other known varieties of UNIX. 
It replaces C-Kermit 5A(190), which is 
preinstalled on HP-UX 10.xx platforms 
by agreement between Hewlett-Packard 
and the Kermit Project at Columbia 
University. 

C-Kermit is a combined serial and 
network communication software pack- 
age offering terminal connection, file 
transfer, character-set translation, and 
automation through its cross-platform 
script programming language, which is 
available on UNIX and on OS/2, 
Windows 3.1, 95, and NT, and DOS. 

C-Kermit 6.0 is the first version of C- 
Kermit that works properly on HP-UX 
10.10 and above. Earlier versions of C- 
Kermit do not work on HP-UX 10.10 or 
higher because of changes in the HP- 
UX runtime libraries. 

All of the new features of C-Kermit 
6.0—as well as all those added in all 
releases since 5A(188)—are completely 
documented in the new revised and 
expanded second edition of the Digital 
Press book, Using C-Kermit. C-Kermit 6.0 
and the book are available now by mail 
order. The C-Kermit software is also 
available via anonymous ftp to 
kermat.columbia.edu, directory kermit. 

Contact the Kermit Project, phone: 
(212) 854-3703, (212) 663-8202, e-mail: 
kermit-orders@columbia.edu, 
http://www.columbia.edu/kermit/. 


C++ Code Analysis 

ParaSoft Corporation has announced 
CodeWizard for Windows NT and 
Windows 95. For a limited time, this C++ 
code analysis tool for Windows 95 and 
Windows NT can be dowloaded from 


ParaSoft’s Web site at no charge. 

Based on Scott Meyers’ popular 
book, Effective C++, CodeWizard reads 
C++ source code and automatically indi- 
cates violations based on the rules 
described in the book. 

CodeWizard helps programmers to 
deeply understand Meyers’ rules by 
putting them into the perspective of 
their own code. 

CodeWizard is tightly integrated with 
Microsoft’s Developer Studio and parses 
code and automatically reports rule vio- 
lations to the developer. It improves 
code design, checks code for portability, 
and prevents the misuse of language- 
specific features. 

CodeWizard for Windows NT and 
Windows 95 is available at no charge. 
CodeWizard for UNIX is available at $995. 

Contact ParaSoft Corporation, phone: 
(888) 305-0041, fax: (818) 305-3036, e-mail: 
info@parasoft.com, http://wwwparasoft.com. 


Web Site Links Checker 

Electronic Software Publishing 
Corporation (Elsop) has announced 
LinkScan, a link checker that operates 
on UNIX servers. LinkScan can test over 
30,000 links per hour and produces two 
types of Web site maps. LinkScan’s 
SiteMap enables the user to produce a 
site map that includes every link on a 
Web site arranged in a hierarchical for- 
mat that resembles a book’s table of con- 
tents. LinkScan’s TapMap is an 
expandable and collapsible site map that 
allows viewers to tap down through mul- 
tiple levels to easily explore the Web site. 

Elsop’s LinkScan reports and SiteMaps 
may be viewed using any of the standard 
Web browsers, such as Netscape Navigator 
1.2 and up and Microsoft Internet 
Explorer. LinkScan is designed to run on 
UNIX and Windows NT servers. 


Within a Web site, LinkScan scans for 
missing HTML documents, images and 
other files; validates all internal hyper- 
links; checks all name tags and refer- 
ences; creates site maps or table of 
contents suitable for publication; and 
discovers orphaned files. LinkScan also 
probes each external hyperlink to other 
Web sites. 

Free evaluation copies of Link- 
Scan may be downloaded from 
hitp://www.elsop.com. 

Licenses are $495 each. Licenses for 
charitable non-profit organizations, edu- 
cational institutions, or individuals for 
personal use are $49.95 each. 

Contact Elsop, e-mail: linkscan@ 
elsop.com, http://www.elsop.com/. 


Systems Monitoring 

Heroix Corporation has announced 
RoboMon Version 6.1 for UNIX, which 
features universal database monitoring 
and problem solving, as well as 
enhanced support for SNMP-based 
frameworks such as OpenView and 
NetView. 

Monitoring of databases, such as 
Oracle, Ingres, and Sybase, is provided 
via the new RoboMon Omni-Collector, 
which enables system managers to 


instruct RoboMon to monitor and take 
actions on problems based on any data 
that can be generated by the computer 
system. RoboMon detect problems with 
the database itself and can also detect 
anomalies in key company data, such as 
sales, inventory, or cash levels. 

RoboMon Version 6.1 also supports 
a specific trap number, which can be 
used as a severity indicator, on the SNMP 
action it uses to report to network man- 
agers such as OpenView. 

RoboMon ships with an extensive 
out-of-the-box rule set which enables sys- 
tem administrators to easily use, extend, 
and tailor the product for Site-specific 
requirements. 

RoboMon for UNIX prices range 
from $300 to $2,500 per machine. 

Contact Heroix, phone: (800) 229- 
6500, e-mail: pr@heroix.com, http:// 
www.RoboMon.com. 


Network Data Acquisition Server 
Real Time Integration, (RTT) Inc. has 
announced the NetAcquire 3000, a net- 
work data acquisition server that 
acquires, processes, and updates real- 


time analog data at over 750,000 sam- 
ples/second. NetAcquire 3000 uses a 
standard Ethernet network to commu- 
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new products 


Terminal Servers 
Central Data Corporation has 
introduced two new terminal 


’ Central Data Terminal Servers 


servers with 32 serial ports each. The EL-32 EtherLite Port Server provides 
32 ports from one Ethernet TCP/IP session. The ST-1032 scsiTerminal Server, 
supports 32 serial ports from one SCSI address. EtherLite Port Servers and 
scsiITerminal Servers can connect to modems, printers, terminals, and other 


RS-232 I/O devices. 


Both the EL-32 EtherLite Port Server and ST-1032 scsiTerminal Server con- 
nect 32 asynchronous, RJ-45 serial ports to a system running UNIX or Windows 
NT. The EL-32 is compatible with a 10Base-T Ethernet network, while the ST- 
1032 attaches to a standard SCSI bus. The ports will transfer data at speeds up 
to 115 kilobaud. Surge protection is provided on all serial lines for reliability, 
and full modem control and hardware/software flow control ensure data 


integrity. 
Pricing for either unit is $1,995. 


Contact Central Data, phone: (800) 482-0315 or (217) 359-8010, fax: (217) 


359-6904. 


nicate with a client computer monitoring 
and displaying the results. The product 
can be a component in building local- 
area distributed test and measurement 
systems and is Internet-compatible. 

The NetAcquire 3000 has been opti- 
mized as a real-time platform with an 
onboard 486 processor running a true 
real-time operating system. 

Its industry-standard TCP/IP Ethernet 
network interface allows data acquisition 
from MS-DOS, Windows 3.1, 95, NT, and 
UNIX. Up to 10 NetAcquire boxes can 
be run in parallel with each networked 
client computer. 

The NetAcquire 3000 is priced at 
$8,495 and includes server and client 
software for Windows 3.1, 95, and NT. 

Contact RTT, phone: (206) 883-7563, fax: 
(206) 883-0463, e-mail: realtimeint@real- 
timeint.com. 


Data Availability 

Quest Software Inc. has announced 
SharePlex Replication, a complete 
replication solution for UNIX file sys- 
tems and heterogeneous RDBMS. 
SharePlex makes data available in a 
very comprehensive manner by pro- 
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viding real-time database and file sys- 
tem replication across multiple remote- 
ly located systems. 

SharePlex deploys data warehouses, 
real-time continuous backup of opera- 
tion databases, load balancing, and dis- 
aster recovery strategies in distributed 
environments. 

The product has high speed, flexi- 
ble multiple-tier architecture, and com- 
prehensive administration and 
monitoring tools. It can also replicate 
any type of changes on any type of file in 
the UNIX file system. 

Contact Quest Software, phone: 
(800) 306-9329. 


Mass Data Storage 

ATG CYGNET has announced the 
VFD 16000 disk drive, which provides 
16 GB of online data storage. The sys- 
tem uses 12-inch WORM (Write Once 
Read Many) disks based on digital opti- 
cal technology. 

The Hexadisc, a unit featuring six of 
the removable WORM disks, offers a 96- 
GB capacity when coupled to the VFD 
16000. Two VFD 16000 units can be inte- 
grated in a jukebox to extend storage 


capacity to 2.3 terabytes, which can be 
accessed in less than 8 seconds. Sector 
access time is 90 milliseconds. 

Contact ATG CYGNET, phone: (33) 5 
62 14 21 02, fax: (33) 5 61 41 03 49 
(France), or contact the French Technology 
Press Office, phone: (312) 222-1235, fax: 
(312) 222-1237 (U.S.). 


New from Hummingbird 


Chent Library 

Hummingbird Communications Ltd. 
has announced the SOCKS Version 4 
client library for Windows NT 4.0. The 
installation of Hummingbird’s SOCKS 
client on an NT workstation enables net- 
work administrators to control access to 
the Internet and corporate intranet for 
all Winsock 1.1 or 2.0 compliant TCP/IP 
applications in a way that is completely 
invisible to users. 

SOCKS Version 4 is an IETF open- 
systems protocol specifying a circuit- 
level proxy gateway for controlling 
access to TCP/IP networks. ASOCKS 
server is placed between a private 
enterprise network and a public net- 
work, such as the Internet, or between 
a workgroup and other security 
domains on an intranet. The 
Hummingbird SOCKS client on the 
desktop installs between any Winsock 
1.1 or 2.0 compliant TCP/IP client and 
the Winsock DLL, intercepting all 
requests for connections with outside 
hosts and referring them to the SOCKS 
server. The server then allows or dis- 
allows the connections based on set- 
tings established by the network 
administrator, and it establishes a safe 
circuit between the client and host. 

The product is available for free 
download from http://www.humming- 
bird.com. 

Continued on Page 78 


Thinking about DIT? 


Think again! We know that many of you are thinking about DIT tape libraries. But 
recent advances in 8mm and 4mm technology—and tape libraries made by StraightLine— 
might make you want to think again. 


StraightLine StraightLine ADIC ATL 


Model SL-400 Series SL-800 Series Scalar ACL 4/52 
Drive format 4mm 8mm* DLT 4000 DL 4000 
Number of tapes in library 18 or 24 20,50, or 150 18 to 52 52 
Throughput up to 25.86B/hr up to 108GB/hr_ = up to 43.2GB/hr —_up to 43.26B/hr 
Total capacity up to 5866B 200GB to 7.51B  —2.081B 2.081B 
Bar code reader Yes Yes Yes Yes/6-digit 
Number of drives 1 to3 1 to 5 2 to 4 2 to 4 
Head life (hours) >20,000 >20,000** 10,000 10,000 
Media uses (passes) 20,000 20,000 15,000 15,000 
Drive MTBF (hours) 200,000 200,000 80,000 80,000 
Tape drawer(s) Yes Yes No No 
Removable tape boxes Yes Yes No No 

List price starting at $7,995 $13,995 $17,995 $45,000 


*Exabyte’s recommended 8mm tape—Exatape 170M Advanced Metal Evaporated tape 
Sony's recommended 8mm tape—SDX-T3N 170M Advanced Metal Evaporated tape 
** Exabyte Mammoth head life —20,000 hours 

Sony AIT SDX-300 head life—30,000 hours 


Led by Sony, HP, and Exabyte, tape drive 
technology has taken a giant step forward in 
reliability, performance, capacity, and price. 
Consider this: 


Reliability — StraightLine has taken the 
best in drive technology and engineered 
tape libraries with mainframe-class robotics. 
Our unsurpassed accuracy—to .001 of an 
inch—means you'll get ’round-the-clock 
dependability. And that’s not all. 


Capacity and Throughput — The 
SL-800 series offers a range of 8mm systems 
designed to meet your current needs and 
easily expand to meet your future needs, too. 
Choose Sony or Exabyte drives, then select the 


© 1997 Straightline. All rights reserved. Straightline is a division of IGM Communications. 
All brand ond product names are property of their respective holders, 


number of tapes—20, 50, or 150 tape sys- 
tems—offering up to 7.5TB of data storage 
and 108GB per hour throughput. 


The SL-400 series is now available with the 
latest in 4mm technology —DDS-3. Using 
a StraightLine tape library, you'll realize 
586GB of total capacity and a data transfer 
rate of 25.8GB per hour. Systems are 
available in 18 and 24 tape configurations. 


Industry Standards — Straightline 
libraries are compatible with all standard 
systems and software—Sun, HP-UX, SGI, 
IBM RS/6000, Sequent, NT, DEC; Novell, 
LAN Manager; Arcada, Legato, ArcServe, and 
many others. 


Better than DLT! — If you’re thinking 
about a tape library, think about this—we 
offer the best in reliability and performance 
at a very competitive price. Then call 
StraightLine—the leader in 8mm and 4mm 
tape libraries. Now that’s good thinking! 


800-458-1273 
www.igm.com 


Straightline 


677 120th Ave. NE © Bellevue, Washington 98005 
e-mail: igm@igm.com 
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Question & Answer 


QQ: How can I obtain the size of RAM currently installed on my CPU? 


= There are a number of ways: 
You can watch the machine as it boots up and (quickly) write down the number 
of megs of RAM installed. Or you can use the command /etc/dmesg 
(/usr/sbin/dmesg for 10.xx) and look at the values listed for memory. On Series 
800 (9.xx only), you can use the command /etc/sysdef. Both dmesg and sysdef 
require root capability. 

A brute force way (for small memory sizes) would be to count the bytes in 
/dev/kmem as in: 


we -c /dev/mem 


This will require 100 percent CPU time, a long time if the RAM is more than 32 
megs or so. 
Here is a program that will work: 


/* Get actual memory size in bytes */ 

#include <stdio.h> 

#include <sys/pstat.h> 

main () 

{ 
struct pst_static buf; 
pstat_getstatic(&buf, sizeof (struct pst_static),1,0); 
printf ("%d\n" ,buf.physical_memory*buf.page_size) ; 


It just prints out the size of RAM in bytes as one big number. 
Here’s an extension that shows virtual memory too: 


#include <sys/pstat.h> 

main() { 

struct pst_static stat_buf; 

struct pst_dynamic dynam_buf; 

pstat (PSTAT_STATIC, &stat_buf, sizeof (stat_buf),0,0); 

pstat (PSTAT_DYNAMIC, &dynam_buf, sizeof (dynam_buf) ,0,0); 

printf("“ Physical memory = %ld MB\n”,stat_buf.physical_memory/256) ; 
printf(" Virtual memory = %ld MB\n”,dynam_buf.psd_vm/256) ; 

} 


QQz 1 have lots of files called ‘core’ on my system. How can I determine the 
name of the program that created them? 


= For 10.xx systems, use the file command as in: 


# file /opt/pd/share/man/core 


/opt/pd/share/man/core: core file from ‘more’ - received SIGABRT 


In this case, the more(1) command was terminated with the 
SIGABRT signal. For 9.xx systems, use adbas in: 


$ echo ‘$m’ | adb core | grep from 
/ map (inactive) ‘core’ from ‘sleep’ 


but it isn’t as reliable as file(1) at 10.xx. 


Qi: I am trying to run a program from /etc/rc (startup) but it 
seems to quit before I can log in. 


#5 If your daemon is being started at boot time from a startup 
script such as /etc/rc, its child processes (including your 
background program) are probably being killed when the 
process running /ec/rc exits. Make sure that your daemon code 
calls setsid() so that it doesn’t run as a child of the /etc/rc process. 
Another option is to run the daemon as a batch job (at) set to 
start at a time after /etc/rc has finished. 


QQ What are the messages logged by JetDirect using the 
syslog code in the JetDirect family of cards? 


= When the HP JetDirect interface is enabled for TCP/IP 
network protocol, the card can generate syslog messages and 
send them to a syslog server specified in the SYSLOG SERVER 
field. This may be useful in identifying error conditions or to 
track changes over a period of time. 

To enable this feature you must specify the IP address of the 
syslog server either through bootp and the SNMP params set up 
by jetadmin software, via the front panel, or through utilities such 
as telnet. Only one syslog server may be configured, and the 
JetDirect interface will not generate syslog messages unless a sys- 
log server has been configured. 

Below is a list of the message strings that can get generated by 


the JetDirect interface and logged to a file. These message 
strings are logged to the file /uwsr/adm/syslog (HP-UX9.xx 
and earlier) or /var/adm/syslog/syslog.log for 10.xx versions 


of HP-UX. 
The error messages are displayed in the following format: 


Date Time IP Addr _ printer: <message strings> 
for example: 
Mar 23 12:20:13 12.34.56.78 printer: powered up 


The following message strings are part of the syslog 
facility: 


“error cleared” 
“unknown” 

Alt a“ 
powered up 


“image dump to <IP ADDRESS> “ 


“image dump to <IP ADDRESS> failed with TFTP error <NUMBER>” 


“config file error line: <NUMBER> <FILENAME>” 

“status change” 

“ready to <PRINT/PLOT/RUN>” 

“not ready to <PRINT/PLOT/RUN>” 

“busy with other I/O: “ 

“offline or intervention needed” 

“paper problem” 

“paper out” 

“paper jam” 

“toner/ink low” 

“page punt” 

“memory out” 

“cover/door open” 

“output full” 

“error: <NUMBER>” 

“peripheral fatal error: <NUMBER>” 

“network peripheral interface fatal error: <NUMBER>” 
“interface reconfigured” 

“TFTP config file fetch from <IP ADDRESS> failed with TFTP error ##” 


“system name changed” 


“connection from <IP ADDRESS> denied due to access failure” 


“connection with <IP ADDRESS> aborted due to <REASON>” 


The following strings may be displayed in the 
<REASOMN> field: 
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“unknown reason” 

“synchronization error” 

“insufficient memory” 

“max. retransmission count exceeded” 
“foreign side aborted” 

“SYN received on open connection” 
“duplicate socket” 

“local close acknowledged” 

“foreign side closed” 

“foreign side initiated close” 
“security check failed” 

“destination unreachable” 

“error on connection attempt” 
“connection attempt timed out” 
“connection accept timed out” 

“no response to keepalives” 
“peripheral front panel reset” 

“SNMP SetRequest reconfigured interface” 
“SNMP SetRequest aborted Connection” 


QQ: How’can I print directly to a file? 


= This is useful when you need to trace the 
exact characters and escape sequences being 
sent to the printer or log the data being created 
by some program. Here are the steps: 


1. Create a file that will be used as the 
destination. For example: 


touch /tmp/printer 


2. Set the owner and group on the file so that 
the /p process will be able to write to it: 


chown lp:lp /usr/tmp/printer 
chmod 644 /usr/tmp/printer 


3. Shut down the scheduler: 


/usr/lib/lpshut 
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4. Add the new printer using the dumb model script: 
/usr/lib/lpadmin -p<printer_name> -mdumb -v/tmp/printer 
5. Start the scheduler: 

/usr/1lib/lpsched 

6. Allow the spooler to queue new jobs to that printer: 


/usr/lib/accept <printer_name> 


/usr/bin/enable <printer_name> 


7. Send a test job to the printer and then look at the contents of the 
file. For example: 


/usr/bin/lp -d<printer_name> /etc/passwd 


Note that the file will be overlaid rather than appended for each job. 


QI administer a number of workstations running various levels of 
HP-UX 9.x. I add hundreds of new users to the systems every quarter. 
How can I force users to alter their passwords upon first logging in and 
every four weeks thereafter? 


; You can use password aging. Password aging is controlled by an 
optional field in the password file entry. This aging field follows the 
password: 


username : password[,pw_age] :userid:groupid:idstring:homedir: command 


Notice that the aging field must follow a comma if it is to be used. The 
format of this field is: 


,max min wks 


max: The maximum number of weeks the password can be used before 
it must be changed. This is a single character. 

min: The minimum number of weeks the password must be used before 
it can be changed. This is a single character. 

wks: The number of weeks since the password was last changed. This 
is an encrypted field that is used by the login program. 
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Break Away from your Competition by 
Integrating EDI with your Applications ... 


St. Paul Software is the leader in electronic commerce integration 


We pioneered the first UNIX-based EDI product in the late 1980s 
and now offer a complete line for managing your electronic commerce 
environment. For Windows NT®, UNIX, PC, Mainframe (M VS) and 
Midrange (HP3000, DEC VAX VMS and DEC ALPHA OPEN VMS) 
environments. St. Paul Software's innovative EC/EDI software products, 
combined with our EDI Service Bureau, professional services and 

value-added network options present you with a total solution. 


As a leader in application integration, we can provide you with a 
seamless integration to Oracle, SAP CA-MANMAN, SBT and other 
applications. 


Break away from your competition by integrating EDI with your applications! 
Call us to find out why St. Paul Software should be your EDI partner. 


Wq ST. PAUL SOFTWARE 
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The max and min value are encrypted characters. Here’s 
their translation: 


Character Weeks 
; 0 
f ] 
0-9 2-11 
A-Z, 12-37 
a-Z 38-63 


So, it you want them to change their passwords every four 
weeks, you need to set max to 4, which is 2 when encrypted. 
Let’s say that you want them to use the password for at least one 
week. That means that min will be 1, or /. You will add “2/” 
to the end of each password. 

Since the login program writes the “wks” string, it will not 
be there when users first log in. As a result, they will be forced 
to change the password. Thereafter, the aging will be enforced. 


QE | add and remove users to my system using SAM. I 
have added a new application to my system that necessitates 
particular action when a user is removed from the system. Is 
there a way to automate this process through SAM? 


SAM does offer task customization in this area. You 
can choose to have a script run before or after the user is 
actually removed. An example script is provided at 
/usr/sam/lib/ct_rmuser.ex. Also notice that a similar example 
script is available for adding users. 

The example script is simply a skeleton script that process- 
es the parameters passed by SAM. The script describes the 
four possible parameters that will be passed. 

First, copy this script to another file name. Make sure the 
file has execute permission and write privilege for only the 
appropriate users. Add your commands to this script. Before 
testing this script with SAM, make sure that it runs properly at 
the command line. 

When you are sure that the script is executing correctly, run 
SAM to add the customization. Make the following menu choices: 


Accounts for Users and Groups 
Users 
Actions: Task Customization 


The subsequent screen will allow you to enter the full 
path of your script. If you have trouble with the script, 
check out /var/sam/log/samlog after your SAM session 
for details. 


hp-ux/usr = may/june 1997 Wee 


question SP answer 


QQ: [ have written a script that uses the newgryp command 
to change the group id associated with the process. I have 
found that the commands after the newgrp command are 
not executed. What is the problem? 


The problem is that newgrp(1) starts a new shell that 
replaces the current shell. So, you have a couple of choices. 
First, you can create the file /etc/logingroup effectively to give 
your users privileges of all of their group memberships 
simultaneously. See the man page for group(4). 

Or, you may be able to use a trick to use the newgrp(1) com- 
mand in your script. See the following script: 


#!/bin/sh 

echo “Beginning of script” 
id 

sh -c “newgrp groupl” <<! 
echo “In ist newgrp” 

id 

| 

echo “Between newgrp’s” 
id 

sh -c “newgrp group2” <<! 
echo “In 2nd newgrp” 

id 

! 


echo “End of script” 
You should see output that is similar to this: 


# ./test.sh 

Beginning of script 

uid=132(spotter) gid=20(users) 

In 1st newgrp 

uid=132 (spotter) gid=210(groupl) groups=20 (users) 
Between newgrp’s 

uid=132 (spotter) gid=20 (users) 

In 2nd newgrp 


uid=132 (spotter) gid=220(group2) groups=20 (users) 
End of script 


QQz I have just migrated my systems from 9.x to 10.10. I 


have several software packages that I created with /pkg at 
9.x. How can these be converted for use at 10.x? 


X= You can convert these packages using the command 
pkg2swpkg(1M). This command is available via the 10.x 
Core media or the 9.x Conversion and Analysis Tools 
media. The command can be run at 9.x or 10.x. 

This command helps to translate existing /pkg product 
specification files (PSFs) into a format the SD-UX command 
swpackage can use. The fpkg keywords are converted to swpack- 
age counterparts when available. The /pkg keywords with no 
swpackage counterpart are included but commented out in 
the swpackage PSF. 

Manual edits and use of the swpackage( 1M) command com- 
plete the process of generating a swpackageformat depot from 
the /pkg information. See the /pkg2swpkg(1M) man page for 
more details. 


QI use the commands du(1) and Ii(1) to display the size 
of files. I have noticed that the output from these two 
commands is almost always different for the same file. 
Usually, du(1) reports the larger size, but occasionally (1) 
shows the larger value. What is the cause of this 
discrepancy? 


= U(1) reports the size of a file as it exists in the size field 
in the inode structure associated with the file. It reflects the 
amount of data in the file. du(1) reports the number of 512- 
byte blocks that have actually been allocated to store this 
file’s data and additional data block pointers. 

As you have pointed out, the value returned by du(J) is usu- 
ally larger than that returned by //(1). The most obvious reason 
for this difference is that the last data block is seldom com- 
pletely full. Also, if the file needs more than 12 data blocks, one 
or more additional blocks are used for pointers to data blocks. 

So, these blocks do not contain actual file data, but they 
are reflected in the output of du(1). 

If the //(1) value is larger, the file must be a sparse file. 
A sparse file contains “holes.” In HP-UX, data blocks are 
not used to represent these holes, which would be full of 
nulls. If the file were copied out to tape, it would be its 


“ll” size on the tape. This is common in some database 
applications. 


Qa? | just installed a new application on my workstation 
that occasionally fails to run correctly. I receive the 
following message on the console: 


Cannot get shared memory — OS error 28 


It seems to report an operating system error. Do I need to 
call my application vendor, or is this an HP-UX problem? 


= When you receive an error message from an application, 
it is always a good idea to call the application vendor. The 
message is actually generated from the application, not HP- 
UX. HP support may not be able to interpret this message. 
However, it is often possible to diagnose the problem on your 
own if an HP-UX error number is provided. 

In this case, the operating system error is 28. The first 
thing you should do is check the file /wsr/include/sys/errno.h, 
which defines error codes with their associated numeric 
value. Looking at this file, you can see that ENOSPC is 
defined as 28. 

The second step is quite a bit more difficult. You need to 
determine what HP-UX function produced the error. In 
this case, you know that shared memory was involved. If you 
are not familiar with the functions that handle shared mem- 
ory, try using the whatis file. You can do this by using the 
“k” option of man(1). 


# man -k “shared memory” 


ipcerm (1) - remove a message queue, semaphore set or 
shared memory id 

shmat, shmdt(2) - shared memory operations 

shmctl (2) - shared memory control operations 

shmget (2) - get shared memory segment 


So, this is a good place to start. This is where the interpre- 
tation of the message can cause a problem. This message, 
however, is fairly straightforward. The function shmget(2) seems 
to be the best bet. 

The third step is to examine the man page for the func- 


tion. Any valid error values will be documented. In this 
case, you are looking for ENOSPC. From the man page for 
shmget(2): 


[ENOSPC] A shared memory identifier is to be created but 
the system-imposed limit on the maximum number 
of allowed shared memory identifiers system 


wide would be exceeded. 


It looks as if you are out of shared memory identifiers. This 
can be addressed by increasing shmmni or terminating other 
processes that utilize shared memory. 

This technique can be used for various HP-UX function 
failures. If the error number is not provided, it is extremely 
difficult to determine the cause of failure. Accordingly, the 
application vendor is the best resource for interpreting the 
message. i 


General HP-UX questions are answered by Bill Hassell, a support 
engineer at the HP Atlanta Response Center. He can be contacted via 
e-mail at bh@hpuerca.atl. hp.com. Workstation questions are answered 
by Susan Potter, an HP-UX system support engineer in the Atlanta 
Response Center. Her e-mail address is sup@atl. hp.com. 
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When introducing Windows NT into an established HP- 
UX environment, a variety of technologies enhance 
Windows NT and HP-UX interoperability. Two widely used 
HP-UX technologies are also available on Windows NT from 
a variety of sources. These are the X Window System (X 
Windows) and Network File System (NFS). I will cover X 
Windows in this article and NFS in an upcoming issue of 
hp-ux/usr. 

These two technologies come with the HP-UX operating 
system. You can buy versions that run under Windows NT and 
thereby bridge the gap between some fundamental differ- 
ences in operation between these two operating systems. 
Although there are many other important interoperability 
topics, and more products being introduced every week, I 
have decided to focus on these two products because of their 
wide use in the HP-UX community and the maturity of the 
Windows NT system products. The following two bullets sum- 
marize the approach I am taking to these two topics. 


m HP-UX Application Server That Displays on HP-UX Using 
the X Window System (covered in this article) —X Windows 
is the standard networked windowing environment on HP- 
UX systems. If you install X Windows on your Windows NT 
system, you can run applications on your HP-UX system 
and use X Windows on your Windows NT system to man- 
age those applications. The HP-UX system is acting as the 
application server but the applications are controlled from 
X Windows running on the Windows NT system. 

m Network File System (NFS) Used to Share Data—The next 
article covers using NFS to share data between Windows 
NT and HP-UX systems. NFS comes with HP-UX and by 
loading NFS on a Windows NT system you can freely access 
the HP-UX file system on the Windows NT systems and 
vice versa. 


Why the X Window System? 

HP-UX and Windows NT have distinct user interfaces. They 
are different and well suited for their respective operating sys- 
tems. If you have the luxury of using only HP-UX or only 
Windows NT, you won’t need to consider the most effective way 
to open a window from one system into the other. 

If, however, you want to access both HP-UX and Windows 
NT systems on a regular basis, you want to consider X Windows. 
The X Window System is an ideal way to get remote access to 
an HP-UX system while sitting on your Windows NT system. 


X Window System Background 

X Windows is a network-based windowing environment, 
not a system-based windowing environment. X Windows is an 
industry standard for supporting windowed user interfaces 
across a computer network. Because it is an industry standard, 
many companies offer X server products for operating sys- 
tems such as Windows NT (we'll get into the “server” and 
“client” terminology of X Windows shortly). X Windows is not 
Just a windowing system on your computer but a windowing 
system across the network. 

X Windows is independent of the hardware or operating sys- 
tem on which it runs. All it needs is a server and a client. The 
server and client may be two different systems or the same 
system; it doesn’t matter. The server is a program that pro- 
vides input devices such as your display, keyboard, and mouse. 
The client is the program that takes commands from the 
server, such as an application. 

The client and server roles are much different from those 
we normally associate with these terms. The X Windows server 
is on your local system—in this article it will be your Windows 
NT system—and the X Windows client is the application that 
responds to the server—in this article the HP-UX system run- 
ning a program such as the System Administration Manager 
(SAM) or HP SoftBench. We normally think of the small desk- 
top system as the client and the larger, more powerful system 
as the server. With X Windows, however, it is the system that 
controls X Windows that is the server; the system that responds 
to the commands is the client. I often refer to a powerful 
client as the “host” to minimize confusion over this. 

Sitting on one of the Windows NT systems on a network, you 
could open an X Window into several HP-UX hosts. You could 
therefore have one window open to HP-UX_System1 and 
another window open to HP-UX_System2, and so on. 


X Server Software 

There are many fine X Server products on the market. I 
loaded Exceed 5 from Hummingbird Communications Ltd. 
on my system for demonstrating how X Windows can be used 
in a Windows NT and HP-UX environment. Figure 1 shows 
the full menu structure on a Windows NT system after load- 
ing both Hummingbird’s X windows product Exceed and its 
NFS product. 

Not all of the items shown in the Programs-Exceed menu 
are related to X Windows. Many are for the networking 
products I’ll get into in the next article. 


deel X Windows and NFS Menu on a Windows 
NT System 


FIGURE 2 
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tithe xterm Running on HP-UX and Displayed 
on Windows NT 


The last menu pick under Exceed is Xstart. This menu 
oe pick allows you to establish an X Windows connection between 


The program is a terminal emulator for the X Window System, It 


provides DEC VT102 and Tektronix 4014 compatible terminals for q your Windows NT system and the HP-UX system. You can 
programs that can’t use the ane system ight, Ye wnene line | . : 

the SIGHINGH signal in systene derived fron 4,cbsd), MMH vill use” | specify the host to which you want to connect, the HP-UX 
the facilities to notify programs running in the window whenever it is : P e 

resized. | system in this case, the user you want to be connected as on 
The VT102 and Tektronix 4014 terminals each have their own window so 


that you can edit text in one and look at graphics in the other at the : the host, and the command to run on the HP-UX system. 


same time, To maintain the correct aspect ratio ¢height/width), 
Tektronix graphics will be restricted to the largest box with a 4014’s 


Se rotiard. iret: eee a, eee Figure 2 shows the Xstart window. 
The window in [gure 2is labelled “dtterm.” After you set up 


the Xstart window with the information you want, you can 
ie SAM Running on HP-UX and Displayed save the configuration. In this case I am issuing the déterm 
on Windows NT command, so I saved the window under this name. The com- 

plete dtterm command is: 


dtterm -background white -display 159.260.112.113:0 


This command will start a standard HP-UX dtterm window 
with a white background and display it on the system at the IP 
address 159.260.112.113. The IP address in this case is the 
Windows NT system on which you are issuing the command, 
which is the X Windows server. The :0 indicates that the first 
display on the Windows NT system will be used for dtterm 


because in the X Windows world it is possible to have several 


displays connected to a system. The system on which the com- 
mand runs is 159.260.112.111. This is the HP-UX system, 
which acts as the X Windows client. 


When you hit Run! from the pulldown menu, the dtterm 


command will be run on the host you have specified in the dia- 
logue box. Although you are typing this information on your 
Ah FP SoftBench Running on HP-UX and Windows NT system, this command is being transferred to 

Displayed on Windows NT the HP-UX system you specified in the Xstart box. This will 
have the same result as typing the dtterm command shown on 
the HP-UX system directly. When you hit Run! a dtterm 
window appears on your Windows NT system that is a window 


into your HP-UX system. 
Figure 3 shows the dtterm window open on the Windows 


NT system but running on the HP-UX system. The window 
has open the HP-UX manual page for dtterm and one of the 
pulldown menus of diterm. You could issue any commands in 
this dtterm window that you could issue if you were sitting on 
the HP-UX system directly. Keep in mind, though, that your 
access to the HP-UX system is based on the user you speci- 
fied in the Xstart window. ; 

You could use Xstart to run any program for which you 
have appropriate permissions on the HP-UX system. Figure 4 
shows an xterm window displayed on the Windows NT system 
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but running on the HP-UX system. You are by no means lim- 
ited to running only terminal windows such as dtterm and 
xterm under X Windows in this environment. You could per- 
form system management functions as well. Figure 5 shows the 
System Administration Manager (SAM), the system adminis- 
tration interface standard on all HP-UX systems, running on 
the HP-UX system and displayed on the Windows NT system 
with DCE Cell Management selected. In this case I have max- 
imized the SAM window to take up the entire Windows NT 
environment. You still have access to the Task Bar at the bottom 
of the screen. 

Another common use of X Windows software in this envi- 
ronment is for program development. Figure 6 shows the HP 
SoftBench development tool running on the HP-UX system 
and displayed on the Windows NT system. An application such 
as SoftBench opens up many X Windows on the Windows NT 
system; these are handled for you by the X server software. 

The technique of using X Windows on the Windows NT system 
to display applications running on the HP-UX system is power- 
ful in this heterogeneous environment. It is also inexpensive and 
simple to install. We can take this interoperability one step further 
by introducing data sharing into this mixed environment. In the 
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next article [ll cover using NFS running on Windows NT to 
mount HP-UX disks across a network. X Windows combined 
with NFS can provide solid interoperability technology to your 
Windows NT and HP-UX environment. L 


Based in the New York area, Marty Poniatowski is a technical con- 
sultant with Hewlett-Packard who works on both server and worksta- 
tion installations. He has written more than 50 technical articles in 
computer industry trade publications. He has also written four books 
published by Prentice Hall: The Windows NT and HP-UX System 
Administrator’s “How To” Book (1997); Learning the HP-UX 
Operating System (1996); HP-UX 10.x System Administration 
(1995); and The HP-UX System Administrator’s “How To” Book 
(1993). All can be ordered by calling (203) 377-4746. 
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This article poses important general security questions for 


managers, system administrators, and users of computer sys- 
tems, in an attempt to make those associated with computers 
think about security issues. While the author has worked mostly 
with UNIX systems, the questions posed are also applicable 
to any kind of computer, from server-based networked PCs 
to mainframe systems. 


Questions For Managers 


How seriously is security taken in your organization? Do your 
actions and policies reflect this? 

Do your overall business practices as they relate to com- 
puters reflect the importance of security to your organiza- 
tion? Is it obvious to everyone that security is important to 
you or do your practices suggest otherwise? 

Too often managers claim to be interested in security, but 
their actions say otherwise and the result is a break-in waiting 
to happen. 


Do you make it clear to employees why security is needed? Do 
they understand the advantages to them? Do they understand the 
risks to the company ? 

It should be clear to each and every employee why security 
is important. Losses to the company mean losses to employees 
and a less open, more restrictive environment. Training sessions 
should be held. You may wish to have employees and other 
users sign non-disclosure agreements. Managers should have 
regular informal feedback sessions with computer users to 
gauge their understanding of the importance of security. 

The author’s experience with companies to which he has 
provided security consulting is that managers may expect 
employees to know the importance of security, but rarely check 
to find out if they really do. 


Have employees bought into the importance of security? 

It is necessary but not sufficient for employees to under- 
stand the benefits of security and the consequences of its fail- 
ure. Employees must “buy into the program” or they will do 
what they can to get the job done in spite of restrictions 
imposed by security measures. If employees truly appreciate 
security and believe it is an integral part of their responsibil- 
ity, then it becomes easier to implement and even stricter 
security measures can be avoided. 


Do employees know what the security rules are and what the 
consequences for violations are? 

The specific security rules must be clear and concise. They 
have to be taught to each employee. Regular formal and infor- 
mal sessions must be held. It is not only necessary for users 
to understand the general ideas, but they must know the 
specifics for selecting good passwords and the consequences 
of giving them out to others. Employees must clearly know 
the potential as well as actual consequences for failing to prac- 
tice security. 


Are security violations taken seriously by management? 

What happens when a security violation occurs? Are viola- 
tors counselled or disciplined? Are all employees treated equal- 
ly or are high-level violators given wrist slaps but ordinary 
employees severely disciplined? Is it acceptable for managers 
to write down their passwords by their terminal but not for 
users to do the same? 


Is management more lenient toward those who are lax about 
security than those who cause a security breach? 

There is a difference between those who commit a security 
lapse, such as not having a good password, and those who 
commit a security breach by giving away the password. Are 
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such differences appreciated or are users nailed so hard for 
minor violations that they will cover up failures? The result 
could be a more catastrophic security problem later. 

Those who commit violations that do not result in a loss 
of security must be counselled and reminded that security is 
for everyone. Those who cause loss or destruction of data 
should be held strictly accountable. 


Are security measures practiced by managers? 

Employees will take clues from how managers act to help 
them decide how serious management is about security. 
Managers who violate their own rules are not taken seriously. 
I worked on a security problem where the only administrator 
password that could be broken belonged to a manager. How 
believable would he be to his employees when he tried to jus- 
tify stricter security? What message was he sending them? 

If actions are to be taken against employees for security 
violations, a creditable defense to management as well as in a 
lawsuit will be that the supervisors do the same thing. 


Do employees and administrators know their role in good security? 

Both users and administrators play a role in security. 
Managers should work closely with administrators to analyze 
vulnerabilities, design in security on new applications and 
systems, tighten security on existing ones, and prepare and 
analyze security plans and policies. 

User input is critical if you are to avoid security becoming 
so pervasive that it affects the ability to get the mission accom- 
plished or causes employees to find ways to get around it. 

The author’s experience is that non-technical managers 
ignore these issues because they don’t understand them. 
Security concepts don’t require a degree in Computer Science, 
but the questions need to be asked. 


Do you have a security incident plan? 

What is your plan ifa security breach is discovered? Do your 
users and administrators know whom to contact and how to do 
so? Do you know when to call law enforcement and when to 
contact your corporate counsel? Do you know how to treat infor- 
mation as evidence and how to protect it? What is your plan to 
protect your system from further loss if a problem is discovered? 
Should the system be shut down? Should remote access be dis- 
abled? All these things and more should be documented in a 
Security Incident Plan. Administrators and off-hours operators 
should know where the plan is and be encouraged to act on it. 
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Often these issues are ignored until a break-in occurs. Then 
a lack of planning causes additional problems. The author was 
involved in a case where management overreacted to a per- 
ceived security incident and could have been involved in a 
large lawsuit had not their attorney wisely recommended they 
say nothing until all the information was known. Users were 
locked out of the system and an administrator was suspected 
of misconduct. The facts showed that there was no breach and 
no violation of procedures but just a combination of miscom- 
munication and misunderstanding that was considerably wors- 
ened by the failure to have an Incident Plan in place. 


Is security treated as a positive or a negative? 

Is security considered a positive or negative in your orga- 
nization? What is the general attitude? Do users believe it is 
there to make their job difficult or there to protect them? Do 
you impose security rules or ask them for input on how to 
make their access easier while at the same time having good 
system security? Is security strong but transparent? 

If users know they won’t get a hassle if they need more 
capability, they are less likely to complain if they haven’t been 
given full access in the first place. On the other hand, if they 
have a job to get done and security prevents them from doing 
it, they will view it as a serious obstacle to success and may act 
inappropriately. 


Do you have a written security policy? When was it last updated? 

Few companies have a security policy and fewer put it in 
writing. What are users allowed to do and what may they not? 
What constitutes legitimate personal use? What is the role and 
responsibility of the administrator? Can users look at others’ 
files? Can they use the system any time they want or only to do 
certain jobs or during certain hours? When must permission 
be asked prior to doing something beyond the scope of their 
normal responsibilities? 

Do you plan to do something about users who violate 
unwritten, unknown policies? Do you think that idea will fly 
past your corporate counsel, much less an opposing attorney 
in a lawsuit? 

Have you updated your policy to account for WWW access, 
downloading files of questionable taste, encrypting files so 
managers can’t see what might be on systems for which they 
are responsible, and other issues that didn’t even exist a few 
years ago? Do you now have Internet access but don’t address 
it in your policy? 
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Do your systems clearly display that unauthorized use is prohibited? 

Government prosecutors have, at times, rejected trying 
criminal cases against hackers because system logins displayed 
“Welcome ...” instead of a notice advising that system access 
was restricted. 

Your initial message to all users should indicate that the 
system is restricted to management-authorized users and unau- 
thorized use is prohibited. It might also state that users’ key- 
strokes may be monitored. 


Have you sent your administrators to security training? 

Security isn’t magic. Hackers and malicious users are get- 
ting more sophisticated and have numerous readily available 
tools for attacking your system. Have you thought about send- 
ing your administrators to training courses on good security 
procedures? 

There are classes, seminars, and conferences on security 
and it might be a wise investment to send one of your admin- 
istrators to them. 


Do you have a process for monitoring compliance with your 
security policy ? 

You have set up your security policy and it prohibits cer- 
tain personal use, requires strict regularly changed passwords, 
and defines what users and administrators must and must not 
do. How do you verify all this? Do you have a way to check 
that the policy is being followed? 

Depending on how strict you need to be, how automated 
you can make the process, and how much users can be trust- 
ed, you may wish to check daily or not at all. If all your users 
are permanent trusted employees and only local access is pos- 
sible, then checking would not be as strict as when you have 
employees of customers or vendors dialing into the system or 
connecting across the internet. Similarly, a financial system 
would require more security than a training system. 


Do you have a process for evaluating the usefulness of your 
security policy and making needed changes? 

Once a policy has been established, is it cast in concrete? 
Do employees feel they can come forward and make sugges- 
tions to keep the security while at the same time relaxing the 
rules? Do you have a defined team for regularly reviewing the 
policy to take into account the latest technology? If CD-ROM 
writers that are now rare become common, do you have pro- 
cedures in place to recognize that an addendum will be need- 
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ed to define rules about duplicating not only computer CD- 
ROMS but copyrighted music CDs? 


Have you had an independent security audit? 

No matter how good an administrator is, an outside security 
audit is as important as an outside financial audit. You need 
to bring in someone to look at your policy, your procedures, and 
your system to see if they meet good security practice, as well 
as your requirements. A regular independent security audit is 
a must. If you don’t have a corporate team to provide such an 
audit, consider hiring an outside consultant. Make sure you 
know the credentials of any outsiders both as to their ability 
to do the auditing as well as their honesty and integrity. 


Have you done a vulnerability assessment? Have you followed 
up on it? 

Unlike an audit, a vulnerability assessment looks at how 
your system can be broken into and what the consequences 
would be. The analysis is intended to expose your weaknesses 
and must be carefully done. The resulting information should 
be carefully protected and immediate follow-up is critical to pre- 
venting any weakness from being exploited. 


Do you know your personal and corporate legal and fmancial 
vulnerability ? 

How vulnerable are you personally, and your company as 
an entity, for loss or public exposure of private data? Have 
you reviewed your liability and theft insurance to see if you 
are covered for employee lapses, security failures, computer 
break-in, and intentional contractor and employee actions 
that result in loss or improper public exposure? Are you pro- 
tected if an employee uses your system to break into some- 
one else’s? What if someone breaks into your system and, as 
so commonly happens, uses it as a springboard to attack other 
systems? Have you sat down with your corporate counsel to 
find out what needs to be done to minimize liability? 

Have you asked your counsel what is required to notify 
users that the system they are on is restricted for company 
use? Are your policies, warnings, and procedures legal? Are 
they enforceable? 


Do you know your legal obligations and responsibilities ? 

Do you know your responsibilities tfan employee attempts 
to break into a competitor’s system? Are you required to notify 
them even if the attempt failed? 


What do you need to do to ensure 
evidence is protected if someone breaks 
into your system? What constitutes evi- 
dence? 

Are you permitted to read users’ mail? 
When can you monitor keystrokes on 
user terminals? 


Have you asked your system administra- 
tors for their recommendations on securi- 
ty? 

It is important to sit down on a regu- 
lar basis with your system administrators 
to get their input on the effects of secu- 
rity on system performance, system 
usability, and system manageability. 
Adding too many security features to a 
system can slow the performance of the 
system itself and result in huge log files 
of little meaning. If users can’t accom- 
plish their jobs, their performance and 
morale will be affected. 

Can administrators adequately man- 
age the system? Administrators should 
be critically questioned as to their prac- 
tices and security procedures. Are they 
setting good examples? Are they regu- 
larly reviewing log files? Do they peri- 
odically test the system and evaluate its 
security? Are they providing you with 
recommendations on policy changes as 
they implement new technology? 


Do you ask vendors to explain the security 
of their products? Do you see if security is 
imbedded in a product or added on as an 
adjunct ? 

When vendors propose new equip- 
ment or software, do you ask them 
about security? Have they incorpo- 
rated it in the product? Does that 
database ensure that unauthorized 
users can’t just dump out raw data? 
Does that new system really have the 
ability to separate users from each 
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other or is it based solely on trust? 
How vulnerable is the product to 
break-ins? Does the product have the 
ability to integrate with products that 
provide encryption and secure autho- 
rization? What security standards 
does the product meet? 


Do you have in a high-level manager’s 
safe the current administrator passwords 
to your systems? 

It is amazing to watch what happens 
when solving a system problem requires 
administrator passwords and the admin- 
istrator cannot be reached. You need 
to have quick access to necessary pass- 
words, but at the same time you don’t 
want everyone to know those passwords. 
Do you have a good way to keep them 
protected yet have them available at any 
time no matter what happens? 

A good system is to limit the pass- 
words to as few people as possible but 
have your procedures allow essential 


personnel to go to a high-level manag- 
er to retrieve the password from a safe. 
Thus, a manager or manager’s secre- 
tary knows who asked for the password 
and when and why it was needed. 


Questions for Administrators 


Do you have security turned on? Is the 
default “ON”? 

Many systems come with optional 
security. Is it enabled on your system? 
Is the system set up so that when new 
users are added, security is maximized 
for them? Security should be turned on, 
then reduced if it is not necessary. 
Otherwise, it is entirely possible for the 
system to be compromised prior to 
securing it, thus leaving a back door 
already in place. 


Are you qualified to secure a system? 


The fact that you have the responsi- 
bility to administer systems doesn’t 
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mean you are qualified to make sure they are secured. Should 
you request that management send you to a security class? Do 
you understand your system’s vulnerabilities and strengths? 
Do you know how to activate security and what the “cost” is? 


Do you purchase or recommend security products? 

If you have authorization, have you evaluated or purchased 
encryption and authorization /access products? If management has 
to authorize purchase, have you recommended such products to 
them? Have you incorporated security products in your budget? 


Do you back up and protect security information? 

Do you separately back up security information such as 
anti-virus or sniffer programs? Do you separately keep and 
protect data on file and program checksums, versions, pro- 
tection information, and size? Are such backups protected 
from unauthorized access? 


Do you look at security data? 

If your system gathers data on successful and unsuccessful 
logins, do you look at it on a regular basis? Do you look at 
other security log files? Do you have some method of perus- 
ing the files for unusual activity? Do you have a way that the sys- 
tem can automatically notify you that there is a problem? Do 
you know about products that provide this capability? 


Do you do something about suspicious or out of ordinary things? 

When you see something out of the ordinary, do you imme- 
diately check it out? Do you verify that the unusual access 
really was by an authorized user by calling the user or the 
user’s manager? 


Do you practice security yourself in your everyday activities? 

Since users will likely take the administrator’s actions as 
their own, it is important that the administrator practice good 
security. Do you have your own back doors? Do you have weak 
passwords because it is easier? Do you bypass the lock to the 
computer room because you go in and out so often? Do you 
fail to sign in because everyone knows you anyway? Do you 
dial in from home when you are not supposed to because it’s 
easier than driving in to check up on a problem? 


Do you know of system weaknesses? Have you done anything 
about them? 


Administrators are the ones most likely to find system secu- 
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rity weaknesses. Have you contacted the vendor or filed a 
CERT advisory? Have you contacted management to warn 
them of the weakness? Have you taken actions to prevent 
problems or minimize their effect? 

In the past, many vendors provided by default “guest” 
accounts with no password or vendor support accounts with 
the same password on every system shipped. While this prac- 
tice has generally ended, you might ask your system or appli- 
cation vendor if such accounts still exist on your system. 


Are you using real security rather than “security by obscurity”? 

Simply not telling users about ways to do things improp- 
erly doesn’t constitute security. While this may work for unin- 
formed or unconcerned users, a knowledgeable user will be 
able to exploit system weaknesses. Is the only reason why your 
system is secure the fact that users haven’t gone down to the 
bookstore to read up on how it works? 


Does a high-level manager have a copy of the passwords? 

If you are unavailable, it may be necessary to get quick 
access to the system. You should be providing the current pass- 
words to a high-level manager who can protect them in a com- 
pany safe and who can authorize their release as necessary in 
case of emergency. This beats having to give out the admin- 
istrator password when you are gone just to ensure that you will 
not be disturbed when on vacation. 


Do you know the plan if a security incident occurs? 

As an administrator, you are a key element in protecting 
a system that has been broken into. Do you know manage- 
ment’s plan? Do you know whom to contact during off hours? 
Do you know if the whole system should be shut down? Is it 
acceptable just to disable network access or shut off remote 
modem access? Can you protect the system quickly and effi- 
ciently with minimal interruption? Do the operators know 
how to do it? Can you describe via phone to other users or 
managers how to shut down the system safely if you cannot be 
on site? Do you have written instructions easily available near 
the system? 


Do you teach new users good security practices? 

A new user will quickly develop habits based upon what is 
initially taught. Unlike long-time users, who might resent new 
security practices, a new user usually accepts almost any 
reasonable rule. The administrator can get the new users off 


on the right foot by advising them of security practices, by set- 
ting their accounts up properly, and by explaining how best to 
secure their personal files. 


Do you practice the concept of minimal capability? 

Do you initially give users only the capability they really 
need or do you give them full access? Sometimes it is best to 
minimize what new users can do, particularly if they are 
untrained or if they are on probation. Users will tend not to 
become resentful and will accept restrictions if you are will- 
ing quickly and without hassle to expand their capability as 
they need it. 


Do you practice open administration? 

Administrators who are open and friendly to users run into 
fewer problems when restrictions have to be imposed. On the 
other hand, if you act as if the system is your personal prop- 
erty and users are intruders, they will resent your security 
restrictions and will believe you are just trying to be the com- 
puter dictator. 


Do you keep a documented record of changes, patches, updates, 
and upgrades? 

Any system modifications should be carefully document- 
ed. Such information should be kept in a written log with a 
copy kept off site in case of fire or similar destruction. Do you 
have a logbook? Do you regularly update it? 


Do you minimize the number of people who know the adminis- 
trator passwords? 

It should not be necessary for everyone to know the admin- 
istrator passwords. If the only way that operators can perform 
their job is to have administrator access, then alternate methods 
need to be explored. If a vendor or other user has a tempo- 
rary need to have administrator access, the passwords should 
be changed as soon as the need is satisfied. 


Do you regularly review your security practices? 

You should take a critical look at your security practices in 
an attempt to improve them. You should encourage man- 
agement to require an outside security audit and cooperate 
fully with it. While it is natural to resent outside interference 
or the embarrassment of having an outsider expose a securi- 
ty weakness, it is far better than having to explain a break-in 
and data loss. 


Do you read security information? 

There are many excellent security books and manuals. 
There is also security information available on the Internet 
and from the Web. Do you keep up with the latest recom- 
mendations on firewalls? Are you current on encryption, 
authorization, and authentication techniques? 


Do you know about the CERT advisories? Do you know how to 
get them? Do you read them? Do you act on them? 

The Computer Emergency Response Team (CERT) 
publishes advisories on security. Do you know how to get 
their advisories and do you follow up with your ven- 
dors or check your system as necessary? Do you docu- 
ment in your log each appropriate advisory and what 
action was taken? 


Are you familiar with the strengths and weaknesses of 
applications you are using? Have you asked the vendors for 
security recommendations? Have you checked the security of the 
applications yourself? 

You should ask vendors of applications what they recom- 
mend to maximize security. Often high security will cause 
applications to fail because they were not properly designed. 
Such problems should be reported to the vendors and if appro- 
priate, to CERT. The vendor should be asked to provide an 
appropriate fix as soon as possible while you implement inter- 
im security and notify management. 


Do you ask or do you independently record the size, checksum, 
directory location, and protection access on third-party files and 
programs? 

When third-party vendors provide applications, you should 
request that they provide information so you can, at any time, 
verify the integrity of their files and programs. Typically, the 
product includes primarily programs and files that should not 
be modified along with a few that are designed to be customized. 

When I am called in as a security consultant after a break- 
in, this is one of the first pieces of information I ask for. While 
T usually know or can get the information on my company’s 
products, there is no way I can easily tell if someone has mod- 
ified a third-party vendor’s product since I don’t know what it 
should have been in the first place. Rarely have administra- 
tors asked the vendor for this information. The result is that 
the software may have to be re-installed from the originals 
and the customizations recreated. 


Continued on Page 36 


hp-ux/usr = may/junetoo7 KBR 


security concepts: the questions you 


There are tools that create the integrity verification infor- 
mation, but it must be done as soon as a product is installed 
to avoid having the information already compromised. 


Have you made regular security recommendations to manage- 
ment appropriate to their technical knowledge and the 
capability of your system? 

It is an administrator’s responsibility to warn management of 
weaknesses and to recommend security practices and products. 
Often when information is provided, it contains jargon too 
technical for the manager and nothing is done. You should 
make sure that management understands the security strengths 
and potential weaknesses so they can make informed decisions. 


Would a new administrator be able to maintain your security? 

The use of customized security procedures can do much for 
protecting a system. However, when such customizations are 
poorly documented or not documented at all, a new or addi- 
tional administrator cannot understand them enough to main- 
tain or properly use them. Any customizations should be 
clearly documented for easy maintenance. 


Questions for Users 


Do you understand how important security 1s in protecting your 
work? 

Most users understand that management has imposed secu- 
rity restrictions to protect the business but often they forget that 
it protects their work also. If there is a break-in on your system, 
do you have data that you would have to retype? Would you 
enjoy having to try to recreate that great proposal you wrote? 
Would you like your project delayed by days while your files are 
restored and then your work re-entered? 

Do you have anything out on your system that you would 
prefer not being public knowledge at this time? 


Do you understand that security protects you personally ? 

If someone breaks security on your system, he may use your 
identification to send malicious messages or to break in to other 
systems. You may be blamed and have to defend your integrity. 

While nothing may be proved against you, you may be 
viewed with suspicion. Management may publicly exonerate 
you, but your fellow employees may mistrust you. You need 
to understand the importance of security to you as well as to 
your organization. 
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Do you walk away from your terminal while still logged on? 

Even if you are only gone for a minute, someone can do 
damage in your name. Often that minute is interrupted by a 
conversation or a request for immediate action by a manager. 
If you forget, someone else may take advantage of you. 

I was involved in such an incident many years ago when a user 
left an unattended terminal and someone removed system files. 
Anything that is done in your name is going to be blamed on 
you and you need to be careful about protecting your terminal. 


Do you clear your screen when you log off? 

Often personal or system information can be gleaned just by 
looking at what was left on the screen. If you are entering, mod- 
ifying, or reading sensitive data, make sure that such data can- 
not be seen by someone after you get off the system and leave. 
Does the terminal or PC have screen memory that allows some- 
one to page back to look at previous data? If so make sure that 
the memory is erased or your workstation is turned off. 


Do you have back doors? 

Do you have a way to get on the system that bypasses stan- 
dard security? Such back doors often are used by malicious 
attackers to gain system access. If you can’t get to your system 
easily with normal procedures, then it is time to sit down with 
management and discuss making access easier without com- 
promising security. 


Do you try to beat the system? 

If you are told not to do things a certain way for security, do 
you try to beat the system? If the system checks for new pass- 
words that are the same as old ones, do you really make the new 
one different or just make minimal changes? If you are not per- 
mitted to add personal programs from home or from the net, 
do you do it anyway then create ways to hide what you did? 

The author was involved in an incident where users were 
developing programs that had bugs that caused disk files to 
be overwritten. Until the problems were worked out, they 
kept the backup tapes nearby to restore when necessary. 
However, policy required that all backups be stored off site. 
Because getting the backups from the offsite location took 
two days and extra paperwork, the users simply kept the back- 
ups locally and turned in blank tapes for offsite storage. Had 
there been a fire, the computer would have been replaced but 
all their programs lost. They risked the loss of months of work 
as well as their jobs to save a little time and trouble. 


Do you know what to do if you observe a 
security problem? 

If you observe strange behavior of pro- 
grams or something strange about a sys- 
tem that would lead you to suspect that 
there is something wrong, do you know 
your organization’s policy for doing some- 
thing and/or reporting the problem to 
management and administrators? Are 
you willing to say something? 


Do you understand the concept of weakest 
links? 

In any organization, the chain is only 
as good as the weakest link. If you are 
not practicing good security and some- 
one tries to break into your system, they 
are going to try and find that weak link. 
Once they have broken into the system 
using your identification, they will use 
that to try and gain administrator access 
or use your identification to attack other 
systems. It is important that your link 
not be the one that is weaker than the 
rest of the chain. 


Do you provide maximum protection 
(minimum access) for your personal files 
and programs? 

Do you practice the concept of min- 
imum access? Do you set your file 
and/or program protection to allow oth- 
ers to access only what is necessary? If 
you have the need to share files, sepa- 
rate them from your other work in a sep- 
arate directory so other users cannot 
even read your private files. 


Do you back up your work if it is not 
done often enough by administrators? 
Administrators back up (or should 
back up) the system regularly. How often 
this is done depends on overall system 
needs, time and personnel availability 
and is a tradeoff between the potential 


loss of data and the “cost” of doing the 
backup. As a group, users’ files might 
not change very often. But yours might. 
You could be doing a special important 
report with a lot of new work. You might 
regularly make more changes than oth- 
ers. You might work on files for which 
the data is all new. Therefore, if loss of 
data will result in a high cost to replace 
it, you should either back up your work 
individually or have your administrator 
perform a special backup. 

Your backup might consist of tape or 
floppy copies of your files or even dupli- 
cate files in a backup directory. In any 
case, you need to ask yourself if you can 
afford the loss of data. 


Do you check your files for unauthorized 
changes? 

Often a break-in is first detected by a 
user who notices that files or programs 
have been modified or accessed while the 
user was not logged on or was on vacation. 
You should be aware of changes in your 
files that are abnormal. While it may be 
true that you occasionally have lost data 
through your own error or because of “just 
one of those things you expect to happen,” 
you should assume that any data change 
not directly attributable to a specific action 
on your part should be investigated and 
possibly brought to the attention of man- 
agement or administration. 


Do you know what you are allowed to do 
and what you are prohibited from doing? 

You should know what constitutes 
acceptable behavior on your system and 
should ask management if you are not 
sure. Can you send personal e-mail out- 
side the company? Can you download 
files from the Internet? Can you look at 
other users’ files? Can you browse the 
system? Can you give out your password 


in an emergency and what should you 
do if you have had to do so? What infor- 
mation sent to you electronically can 
you forward to others? 


Are you observant about unusual activity? 
Is someone logged in who is known to 
be on vacation? Is there activity on cer- 
tain ports when there never is at that time 
of the day? Have some seemingly innocu- 
ous files been changed for no apparent 
reason? Do dialout telephone line charges 
seem unusually high or are they for des- 
tinations that don’t make sense? Are there 
some unknown files on the system? 


Summary 

These questions are intended to make 
managers, administrators, and users 
think about their responsibilities in 
making a computing environment 
secure from malicious attacks from out- 
side as well as inside an organization. If 
you don’t address these issues, you are 
much more likely to be someone calling 
the author or another security consul- 
tant as well as law enforcement to ask for 
help after a problem. 0 
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Going from C++ to Java 


The official release of the Java Developer’s Kit (JDK) 1.0 
by Sun Microsystems in May 1996 drew a flurry of attention for 
this Internet programming technology. New products to pro- 
mote Java development have been appearing in a steady 
stream. Symantec Visual Café 1.0, Microsoft Visual J++ 1.0, 
Asymetrix SuperCede 1.0, and Hewlett-Packard’s HP-UX 
Developer’s Kit for Java 1.02 are just a few examples. 

The Java programming language has many syntactic simi- 
larities to C and C++. Java is an object-oriented language, not 
a procedural language. In many ways, one can think of it asa 
highly simplified version of C++ with some unique features 
of its own. Experienced C programmers who have yet to be 
exposed to C++ will learn Java more easily than C++. Many of 
the tricky or controversial features of C++, such as operator 
overloading, multiple inheritance, and templates, are not 
available in Java. Java does not even support pointer variables 
(no address of (<) and de-reference (*) operators). 

As a multi-paradigm language with numerous features, C++ 
gives unbridled freedom to the software developer. The devel- 
oper is free to write code that is creative, convoluted, or con- 
fusing. This freedom means the programmer must thoroughly 
understand the language and use its features intelligently. 
Such technical maturity does not come right away; it requires 
many years of dedicated practice. 

Java, on the other hand, reduces the enormous number 
of choices the programmer must make and provides a better 
atmosphere for him to become successful. As an object- 
oriented language, it is much more philosophically consis- 
tent than C++ and does not carry any of the baggage of the 
past. If you are a practitioner of encapsulation and an oppo- 
nent of spaghetti code, you will appreciate the lack of frend 


functions and goto. 


Experienced C++ developers should not have too much 
difficulty integrating Java into their technical skill set. It is 
mostly a matter of unlearning some things, understanding 
the equivalent things, learning some new things, changing 
habits, and a lot of practice. This article will talk about some 
key differences between Java and C++. I will be explaining this 
from the Java perspective with the assumption that the reader 
has had some experience with object-oriented programming 
in C++. 


Java as a Development Environment 

Unlike the traditional approach in which a compiler generates 
a binary code file that can be executed only on the target platform, 
the Java compiler (named javac) takes the source file (with .java 
extension) and produces a bytecode file (with .class extension). 
The bytecode file is a set of special instructions to be executed by 
a program called the virtual machine. Any operating environment 
with a Java virtual machine (named java) can execute a Java byte- 
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code file. The virtual machine can be a separate program resid- 


ing in the file hierarchy of some operating system or it can be 
built into a Java-aware Internet browser such as Netscape Navigator 
Version 2.0 or higher. 

The Java scheme for doing software development is very 
attractive because one can write the code once, transfer it to 
any platform with Java virtual machine support or a Java-aware 
Internet browser, and expect the code to run predictably (at 
least that’s the noble objective). For a software firm, there are 
no longer expensive campaigns to port code to accommo- 
date target platforms. 

As a simple example, suppose I have the source file called 
Tutor java shown in Listing I (an abbreviated listing). To com- 
pile the program, 


javac Tutor.java 


is executed from a command line. 


If successful, the result is a bytecode file called 
Tutor.class. Assuming the bytecode file represents 
a stand-alone program and not an applet (which 
can be executed only from within a browser), the 
program can be launched from the command 
line: 


java Tutor 
The file extension is understood to be .class. 
Memory Management: 


Service or Do It Yourself? 
As an experienced C or C++ programmer, 


Community 


do you remember all of the long hours spent 
searching for dangling pointers and missing 
statements to free dynamically allocated heap 
memory? Conscientious memory management was difficult 
enough with C, but with C++, this task took on a new dimen- 
sion of complexity (throwing exceptions without deleting 
what's already allocated, forgetting to use delete [] for arrays 
of objects, missing virtual base class destructors, etc.). 

Now, Cand C++ programmers can breathe a sigh of relief. 
Thanks to garbage collection built into Java, programmers 
need not worry about freeing dynamically allocated memory 
when it is no longer useful. Periodically, the built-in garbage 
collector checks each block of allocated memory. If a block has 
no variables referring to it, the block is returned to the free 
pool, where other threads and processes can use it. 

The Java programmer needn’t write code to call the garbage 
collector. However, if he wishes to invoke garbage collection 
explicitly, he can do so with the statement: 


System.gc(); 


The garbage collector eliminates the need for operations like 
free() (from C) and delete (from C++). 
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Tutor.java 


import java.awt.*; 

import java.io.IOException; 

import Humans.*; 

public class Tutor extends Pupil { 


public Tutor(String mm, String id, char sx, int yrs, String sc, int lv, String sj, String prof) 


// statements 

} 

public void DisplayData() { 

// statements 

} 

private String subject; 

private String professor; 

public static void main(String args|[|]) { 


Tutor fred = new Tutor(“Fred”, “630-22-0980", ‘M’, 35, “University of California, 


Santa Cruz’, 


4, “Mathematics”, “Dr. Jane Garvin"); 


fred.DisplayData (); 
} 
} (/ end of class Tutor 


Move Aside, ASCII, Unicode Is Here 

In Cand C++, the character is represented by a single byte 
(8 bits) in the form of the built-in char type. With eight bits, a 
maximum of 256 characters can be represented and over the 
years the ASCII collating sequence became the accepted order- 
ing of these characters. 

On the other hand, Java has adopted Unicode, a two-byte 
standard for character representation. Each Unicode char- 
acter is a sixteen-bit unsigned value. With Unicode, as many 
as 65,536 characters can be represented! This means that non- 
Roman languages such as Chinese and Korean can be accom- 
modated very comfortably. 

The ASCII collating sequence is actually a subset of Unicode 
and this sequence appears as the first 255 characters in the 
Unicode sequence. 

In both Java and C++, the ‘V or backslash is used as an 
escape character to help represent special character values, 
such as the backspace, newline, single quote, and double 
quote. The following special characters are shared by both 
Java and C++: 


\n newline 

\r carriage return 
\b backspace 

\t tab 


\f formfeed 
bt single quote 
v double quote 
\\ backslash 


A statement such as 


char backspace = ‘\b’; 


would declare a char variable called backspace and have it 
initialized to \b (the character value is bounded within 
single quotes). 

C and C++ have a few additional special character values that 
are not available in Java (because of conflicts with Unicode). 


They are: 
\a bell 
\? question mark 


\v vertical tab 


In Java, there is a special way to represent a character by its 
encoding scheme in hexadecimal. For instance, the declaration 


char alpha = ‘\u0391'; 


means that the char variable alpha is initialized to the char- 
acter corresponding to hexadecimal value 391 (931 in deci- 
mal), which is a capital Greek alpha. The \w in Java denotes a 
hexadecimal number. The entire Unicode sequence would 
range from “‘\w0000' to “\whFFF’. 


The Primitive Types of Java 

Among the traditional obstacles C and C++ developers face 
when they build applications for multiple platforms are the 
sizes of the built-in types. The primitive int type is two bytes 
on some machines and four bytes on others. Similarly, the 
long type is sometimes four bytes, sometimes eight bytes. 

To add to the confusion, a char type may be understood to 
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JAVA Primitive Types 


TYPE SIZE DESCRIPTION 


A boolean can either be true or false, It cannot be cast to 
another type, such as int. 


boolean 1 bit 


16-bit, unsigned integer Each char is a Unicode code. 


8-bit, signed twos complement Range is -128 to 127. 


16-bit, signed twos complement Range is -32768 to 32767. 


32-bit, signed twos complement Range is -2147483648 to 2147483647. 


64-bit, signed twos complement Range is «283 tg 263. 4, 


32-bit IEEE 754 single-precision Range is about -3.4£38 to +3.4E38, 


Accuracy is about six to seven significant decimal places. 


double 64-bit IEEE 754 double-precision Range is about -1.7E308 to +1.7£308, 


Accuracy is about 14 to 15 significant decimal places, 


be signed or unsigned, depending on the vendor’s implemen- 
tation on the target platform. 

Java removes the guesswork on the sizes of the primitive 
types and whether a type is signed or unsigned by default. 
Table I describes each of the Java primitive types. 

Being of fixed size, all of the Java types are platform-inde- 
pendent. Unlike C and G++, Java does not have a sizeof oper- 
ator. The predictability of the sizes for the primitive types 
contributes to the portability of Java programs. 


The Operators of Java 

Java shares many, but not all, of the operators of C++. There 
are a few operators in Java that are not in C++. In addition, the 
operator precedence and associativity of Java is very similar 
to that of C++. 

Since Java has no pointers, the familiar ->, @, and * oper- 
ators (member selection, address of, and de-reference operators) are 
nonexistent. Rather, pointer semantics are implemented in 
the form of reference variables (which are actually analogous 
to C++ references) for user-defined types. By the same rea- 
soning, the .* and ->* operators (pointers to class members) 
are also nonexistent in Java. 

The scope operator (.:) is nonexistent in Java. The mem- 
bership operator (.) can also be used to identify a member 
from a particular class or particular namespace. For instance, 
in C++, we might have 


Pets: :Bird: :getData() ; 
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where getData() is a member function of class Bird, which 
is a member of namespace Pets. In Java, this would be writ- 
ten as 


Pets.Bird.getData() ; 


In this case, Pets would be a Java package, the equivalent of 
the C++ namespace. 

Java objects are created from heap memory with a form of 
the new operator, but there is no delete operator as in C++. 
When an object goes out of scope and there are no longer 
any references to it, the Java garbage collector automatically 
deallocates the heap memory. The Java programmer need 
not worry about dynamic memory management (but there 
may be other resources he needs to keep in mind for cleanup, 
such as input-output stream connections). 

In Java, the right shift operator (>>) is used to do a signed 
right shift, meaning that the value of the sign bit will fill the 
high bits as shifting occurs. On the other hand, the >>> oper- 
ator means to perform an unsigned right shift, meaning that 
the high bits are zero filled (including the sign bit). The >>> 
operator is unique to Java and does not exist in C++. 

In C++, the meaning of the right shift operator (>>) is very 
ambiguous. It can be either a signed shift or an unsigned shift, 
depending on the particular vendor’s implementation. This 
ambiguity is an historical obstacle to portability. 

The left shift operator (<<) will perform a left shift with 
zeros filling the lower bits. The lower order bits will also shift 
into the sign bit. A <<< operator does not exist. 

Java has an operator called instanceof, which can be used 
to determine the type of the object. For example, if we have 
if (manual instanceof Book) 
System.out.println(“manual is a Book with author 
“+ ( (Book)manual) .getAuthor () ) ; 
else 

System.out.println(“manual is NOT a Book”); 

Variable manual would refer to an object of type Book or sub- 
type of Book if the condition (manual instanceof Book) is true. A 
subtype would be a class derived from Book. 

Unlike CG, Java does not support the comma (,) ‘operator for 
grouping expressions. In C, we could have something like 


foo(numl, num2, (num3 = 5, num4 = 3 * num3)); 


where the third argument to function foo() is evaluated from 
left to right, resulting in a value of 15. 

The + operator in Java takes on the special meaning of 
string concatenation and is frequently used with the String 
class, which is part of the default java.lang package. Unlike 
C++, Java does not support operator overloading for user- 
defined classes. The use of the + operator for string concate- 
nation is the only exception to this rule in Java. 


The Anatomy of a Java Class 

Whether you are programming in Java or in C++, the class 
is the basic blueprint for object creation. The class models a 
real-world entity, an idea, or an event. Provided it is well con- 
ceived, it is an encapsulated unit of attributes and behaviors. 
By encapsulated we mean that the attributes, which represent 
the internal state of the object, are hidden from the outside 
world. Any access to those attributes is through the behaviors, 
if that is what the class designer intends. 

Java has its own set of terminology for attributes and behaviors. 
An attribute in Java is called a variable or field (data member in 
C++). A behavior is called a method (member function in C++). 

The variable may be an instance variable or class variable. 
Instance variables (which are non-static) are unique per 
instance while class variables (which are declared static) apply 
to all instances of the class. 

Now, let us look at the simple example of a Java class in 
Listing 2 to see its basic syntactic anatomy. The execution of 
that code would display the following on the standard output 
device: 


(0,0) 
(7717) 
(191,25) 
(-9,21) 
(37,=93) 
(=15,72) 


A first look at the example reveals the following differences 
from a C++ class: 

Java does not have a preprocessor that does macro string 
substitutions as in C or C++. Instead, classes that are to be 
reused are stored in packages such as java.langand integrated 
into the client program with the import statement. The asterisk 
of java. lang. *means to import all classes of package java.lang. 

Package java.lang is part of the Java language itself and is 


LISTING 2 


always imported into a program by default. The redundant 

statement is illustrated to introduce the meaning of import. 
The definition of the class begins with the class keyword 

and its variables and methods are enclosed within braces: 


[modifiers] class { 
// members 


A class can also have optional modifiers that regulate the vis- 
ibility of its members to clients. Since class OrderPairis declared 
public, its non-private members may be accessed by classes 
inside or outside the package containing OrderPair. The lack 
ofa modifier (the default) would mean its non-private mem- 
bers are accessible only to classes in the package containing 
OrderPair. 

A package is a logical grouping of classes and I will illustrate 
how a package can be constructed a little later. 
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Note that there is no terminating semicolon (;) after the 
right brace of the class body. 

The variables and methods are enclosed within the body 
of the class. Each of these members could also take an option- 
al modifier. Generally speaking, variables hold data and are kept 
private while methods are non-private. The Java modifier is 
equivalent to the use of the C++ private, protected, and public 
keywords for specifying access regions within the body of the 
class. 

In Java, the use of an explicit modifier is applied on a mem- 
ber-by-member basis. In addition, the lack of a modifier key- 
word is the default, which provides access to the member only 
for classes within the package. 

One important difference in the Java class anatomy is that 
the method implementations are included within the body 
of the class. While this approach to coding can also be taken 
in C++, it is discouraged as professional developers will often 
conceal the member function implementations from users 
of their classes. In C++, the class declarations and its member 
function prototypes are placed in header files (./ or .hh files); 
the function implementations (in .cpp or .C source files) are 
compiled and placed in object code libraries. 

In Java, the sources for the classes are compiled into byte- 
code files (‘class files) and placed into packages. There are no 
header files. Instead, the developer can use a JDK utility such 
as JavaDoc to document the purpose of the class and its method 
prototypes. 

As in C++, the Java class can have any number of con- 
structors. The no-argument default constructor is the com- 
piler default. 

Unlike C++, Java does not support the initializer list notation 
nor can arguments assume default values. 

There are no destructors in Java. 

The OrderPair class above constitutes an executable pro- 
gram of its own. As such, it must implement a mazn() method. 
The main() method must have modifiers public and static, 
return void, and take an argument list of (String args[]) (args is 
an array of references to String objects). The main() method 
is the entry point for program execution. 

The signature of the main() method is used to accept com- 
mand line arguments. In C or C++, the signature for mazin() is 
typically (int argc, char ** argu), where argcrepresents the num- 
ber of command line arguments. However, this second argu- 
ment is unnecessary in Java because Java arrays know their own 
length or number of elements. To find the number of com- 
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mand line arguments passed to mazn() in Java, one evaluates 
args.length. The length variable is strictly a read-only variable 
(called a finalvariable) built into the Java array mechanism. 

The main() method of class OrderPair simply instantiates a 
number of OrderPair objects and displays their contents. We can 
declare a reference to OrderPair and have it refer to a newly 
instantiated object: 


OrderPair prl = new OrderPair(); 


The statement will use the no-argument default constructor 
of OrderPaiv. The parentheses are necessary. 

A reference variable may also be declared without having 
it refer to an instance right away. In such cases, it is good prac- 
tice to initialize it to null: 


OrderPair pr2 = null; 


Finally, an array of references to OrderPair can be declared 
and initialized to an array of newly instantiated objects: 


OrderPair pair[] = { 
new OrderPair (19,25), new OrderPair(-9,21), 
new OrderPair (37, -93), new OrderPair(-15, 72) 


}; 
As in C or C++, array indexing always begins with zero. 


The this Keyword in Java 

In C++, the this keyword represents a pointer to the object 
doing the calling of a member function. In Java, the this key- 
word has a similar meaning, except the keyword represents a 
reference to the object doing the calling. 

With respect to the OrderPair class, the prntXY() method 
could be rewritten with the this keyword: 


public void printxy() { 
System.out.print1n(“("“+this.x+",”+this.y+")”); 
} 


Of course, the use of this is not required for this example. 
However, there is an alternative way to use this in Java that is 


not available in C++: 


public OrderPair() { 


this (0,0); 
} 


The above means that constructor OrderPair() is using construc- 
tor OrderPaar(int, int) with zeros for xand y. This scheme allows one 
constructor to handle all of the implementation details and have 
the other constructors call it. 


Grouping Java Classes into Packages 

The Java package can be thought of as a logical grouping of 
related classes. The classes need not be within the same class 
hierarchy. It is roughly equivalent to a C function library or a 
C++ class library. 

The Java package allows the developer to (1) organize classes 
for specific purposes and (2) provide others the benefit of 
using what already has been developed. In order to re-use an 
existing class that belongs to a package, the import statement is 
used at the top of the source file, as in 


import Animals.Humans.Person; 


Asa logical grouping, the package is actually related to a par- 
ticular path and directory. All of the classes of the package 
are stored within that directory. To find the class of interest, 
Java employs a particular search mechanism to locate the 
package referenced by the import statement. There are three 
aspects to this scheme: 

First, there is the environment variable CLASSPATH. 

Second, there are one or more component package names. 
These component package names are concatenated together 
with the class name (with periods) to form the fully qualified 
class name: 


package_comp_1. [package_comp_2] . [package_comp_n] .class_name 


Third, there is the final component, the class name. An 
asterisk (*) in the last position would mean ail classes of the 
package. 

Let us look at each aspect, beginning with the environ- 
ment variable CLASSPATH, which is set in different ways 
depending on the operating system you are using. 

If you are using Windows/95 or Windows/NT 3.5 or higher, 
CLASSPATH can be set through the Control Panel utility. If you 
are using Windows/95, a statement such as the following can 


be placed inside the AUTOEXEC BAT file: 
set CLASSPATH= .;C:\Java\Lib\classes.zip; C:\JAVAPAKS 


A semicolon separates each possible path. The lone period (.) 
represents the current directory. The .;C:\ava\Lib\classes.zip 
portion is actually part of the initial setup of the Java Developer’s 
Kit. The classes.zip file is part of the JDK and is a special con- 
densation of all the standard Java packages. 

The remaining clauses of CLASSPATH, such as C:\fAVA- 
PAKS, are for the containment of user-defined packages. 

The directory and path names are not case sensitive. 

If you are using UNIX or HP-UX with the Bourne or 
Korn shells, the following line can be placed within the 
.profile turnkey file (or it can be entered via the com- 
mand line): ; 


CLASSPATH=/Java/Lib/classes.zip:/JAVAPAKS:.; export CLASSPATH 


The directory, path, and file names in UNIX are case sensitive. 

If you are using UNIX or HP-UX with the C shell, the fol- 
lowing line can be placed within the .cshrc turnkey file (or it 
can be entered via the command line): 


setenv CLASSPATH /Java/Lib/classes.zip:/JAVAPAKS: .; 


The complete path to the class to be imported is a con- 
catenation of a path clause from the CLASSPATH variable and 
the leading components of the package name. Suppose we 
are working from a Windows/NT environment (see Figure 1) 
and our classes are contained within the path 


C: \JAVAPAKS\Lifeforms\Animals\Humans \ 


For this example, there are three classes within the package: 
Person, Pupiland Tutor. 

The total package name will depend on how we select the 
paths for the CLASSPATH variable. This will also influence 
how the programmer will use the import statement within his 
Java source files. Suppose the programmer wanted to import 
class Person. Table 2 shows the possible combinations. 

To import all the classes (Person, Pupil and Tutor) of the 
package, he would use the asterisk (*) in place of a class name: 


import Lifeforms.Animals.Humans.*; 
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FIGURE 1 Example Classes in Windows/NT 
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Importing Combinations 


CLASSPATH PACKAGE NAME IMPORT STATEMENT 


C:\JAVAPAKS\ Lifeforms.Animals.Humans import Lifeforms.Animals.Humans.Person; 


C:\JAVAPAKS\Lifeforms\ Animals.dumans import Animals.Humans.Person; 


C:\JAVAPAKS\Lifeforms\Animals\ Humans 


import Humans,Person; 


or 

import Animals.Humans.*; 

or 

import Humans.*; 

for each of the three cases, respectively. 


Introducing Inheritance 

The notion of inheritance in object orientation denotes 
an “is-a” relationship. For example, a Caris a type of Vehicle. We 
say that class Caris a subclass (or derived class) of class Vehicle. 
Another way to express this relationship is to say class Vehicle 
is a superclass (or base class) of class Car. The act of subclass- 
ing is to take an existing class and to specialize it, either by 
overriding behaviors inherited from the parent or by adding 
new behaviors. 

In C++, the public keyword is used to denote inheritance. In 
Java, the equivalent to public is the keyword extends: 
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class Car extends Vehicle { 


Unlike C++, Java supports only single inheritance. In other 
words, a class can be extended from only one superclass. In 
addition, Java does not have anything such as private inheri- 
tance (something like class Car : private Vehicle) or virtual base 
classes (something like class Car : virtual public Vehicle). 

Java does allow inheritance from an interface, which is a 
form of abstract class. We will look at interfaces a little later. 

Another way Java differs from C++ is in the notion of mod- 
ifiers being applied to a class. If we apply the public keyword to 


class Car: 


public class Car extends Vehicle { 


then all of the members will be visible to any class inside the 
package containing class Car or to any class outside of the pack- 
age containing class Car. 

If the public keyword is omitted, the members of class Car 
will be visible only to classes within the package that contains 
Car. This is the default visibility level for a class. Classes that 
are members of other packages have no visibility to the mem- 
bers of Car. It is important to remember that the lack of a mod- 
ifier means visibility from within the package. 

The private and protected keywords cannot be applied as 
modifiers of a class. 


Applying Java Modifiers to Fields and Methods 

The rules governing access to members of a class are more 
complicated in Java than in C++. It is basically a combination 
of the visibility modifiers at the class level and access modifiers 
at the member (field and method) level. In terms of keywords 
that are in common with C++, we have the following Java mod- 
ifiers: private, private protected, protected, public, and the default 
(the lack of a keyword). 

When it comes to the ability to access a member, the 
following dimensions must be kept in mind: (1) subclasses 
versus non-subclasses (i.e., classes belonging to another part 
of the class hierarchy which have no lineage to the class in 
question), (2) access to the method through inheritance or 
through an instance, (3) access to the methods of classes that 


reside within the package of the class in question or outside 
of the package of the class in question. 

In the previous example with class OrderPair, we have seen 
the use of the private and public modifiers on its members. A 
private member is accessible only to methods of the same 
class. Furthermore, private members cannot be inherited by 
subclasses. On the other hand, a public member certainly can 
be inherited by subclasses of the same package or by subclasses 
from a different package and public members can be accessed 
through instances of the class by methods of subclasses or 
non-subclasses, whether these classes are in the same or a 
different package. 

Now, what about private protected and protected? Surprisingly, 
the Java protected keyword does not carry the same meaning 
as the C++ protected keyword! Rather, the Java private protected 
keyword combination (or protected private) comes closest in 
semantics to C++ protected. These differences are best under- 
stood with a few examples. Suppose we have the code in Listing 
3.The execution of that Java code would produce: 


Name = Wes 

SSN = 570-45-1287 

Gender = M 

Age = 17 

Name = Yvonne 

SSN = 630-22-0980 

Gender = F 

Age = 22 

School = Univ. of Washington 
Level = 3 

Name = Yvonne 

SSN = 630-22-0980 

Gender = F 

Age = 23 

School = Univ. of Washington 


Level = 3 


The boldfaced code contains the main points of the example. 

The Java private protected members, whether they are fields 
or methods, can be inherited by the subclasses of the base 
class. The subclasses may be in a package different from the 
package containing the parent class. 

In the example, class Pupil inherits methods getAge() and 
setAge() from class Person and accesses these methods in the 
body of its incrementAge() method. 


Like C++ protected members, Java private protected members 
cannot be accessed through client code. For instance, class 
InheritDemol has no direct relationship to the Person-Pupil 
hierarchy. If its public static main() method contained the state- 
ment 


yvonne. setAge (30) ; 
// Illegal! Person.setAge() is private protected. 


the compiler would flag this as an error. 

In addition, the methods of a derived class cannot access 
the private protected members of the superclass through instances 
of the superclass. For example, if class Pupil included the 
following method: 
void adjustAge(Person individual, int new_age) { : 

individual .setAge (new_age) ; // Illegal! 


} 


the compiler would flag the statement individual. setAge(new_age); 
as an error because individualis a reference to a Person object. 
However, if ¢ndividual represented a Pupil or a subclass of Pupil, 
then the statement would be legal. In summary, this behavior 
is equivalent to a protected Pupil::adjustAge(Person &, int) 
counterpart in C++. 

Now that we understand the meaning of private protected, 
what is the meaning of protected in Java? Suppose we make 
selective changes and additions to the Person and Pupil classes 
shown in Listing 4 (unchanged statements are not listed). 
Changes or additions to the previous example are boldfaced. 
The execution of RunInheritDemo2.main() would yield the 
following: 


Name = Wes 

SSN = 570-45-1287 
Gender = M 

Age = 17 

Name = Wes 

SSN = 570-45-1287 
Gender = M 

Age = 20 

Name = Yvonne 
SSN = 630-22-0980 
Gender = F 

Age = 22 
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// Source file: Person.java 
package Humans; 
import java.awt.*; 
import java.io.IOException; 
public class Person { 
public Person(String mm, String id, char sx, int yrs) { 
name = new String(nm); 
ssn = new String (id); 
gender = sx; 
age = yrs; 


} 
public void DisplayData() { 
System.out.print (“\n\nName = “+name); 
System.out.print(“\nSSN = “+ssn); 
System.out.print("“\nGender = “+gender) ; 
System.out.print("“\nAge = “+age); 
System. out .flush() ; 
} 
private protected int getAge() { 
return age; 
} 
private protected void setAge(int yrs) { 
age = yrs; 
} 
private String name; 
private String ssn; 
private char gender; 
private int age; 

} 

// Source file: Pupil.java 

package Humans; 

import java.awt.*; 

import java.io.IOException; 

public class Pupil extends Person { 


Muolic Pupil (String mm, String 1d, Guar sx, int yrs, String sc, int ly) { 
super (mm, id, sx, yrs); // Call Person (Stving, String, char, int); 
scnool = new String(sc) ; 

Class level = lv; 


} 
public void DisplayData() { 
super .DisplayData () ; // Call Person.DisplayData() ; 
System.out.print(“\nSchool = “+school) ; 
System.out.print(“\nLevel = “+class_ level); 
System. out.flush() ; 
} 
public void incrementAge() { 
int curr_age = getAge(); 
setAge(++curr age); 
} 
private String school; 
private int class level; 
} 
// Source file: InheritDemol.java 
import java.awt.*; 
import java.io.IOException; 
import Humans.*; 
public class InheritDemol { 
public static void main(String args[]) { 
Person wes = new Person(“Wes”, “5/0-45-1287"”, ‘M’, 17); 
wes .DisplayData() ; 
Pupil yvonne = new Pupil(“Yvonne”, “630-22-0980", ‘F’, 22, “Univ. of 
Washington”, 3); 
yvonne .DisplayData () ; 
yvonne. incrementAge () ; 
yvonne .DisplayData() ; 
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// Source file: Person. java 
package Humans; 
import java.awt.*; 
import java.io.IOException; 
public class Person { 

// The constructor and DisplayData() are unchanged 

protected int getAge() { // Formerly private protected 

return age; 

} 

protected void setAge(int yrs) { // Formerly private protected 

age = yrs; 

} 

// Private fields are unchanged 
} 
// Source file: Pupil.java 
package Humans; 
import java.awt.*; 
import java.io.IOException; 
public class Pupil extends Person { 

// The constructor, DisplayData() and incrementAge() are unchanged 


public void adjustAge(Person individual, int new age) { . 
// New method 

individual.setAge (new age); 4) 

} 


// Private fields are unchanged 
} 
// Source file: InheritDemo2.java 
package Humans; 
import java.awt.*; 
import java.io.IOException; 
public class InheritDemo2 { 
public static void main(String args[]) { 
Person wes = new Person(“Wes”, “5/0-45-1287”, ‘M’, 17); 
wes .DisplayData(); 
wes .setAge (20); 72) 
wes .DisplayData(); 
Pupil yvonne = new Pupil(“Yvonne”, "630-22-0980", ‘F’, 22, “Univ. of Washington”, 3); 


yvonne .DisplayData (); 
yvonne. setAge (30); 3) 
yvonne. DisplayData () ; 
} 
} 
// Source file: RunInheritDemo2. java 
import java.awt.*; 
import java.io.IOException; 
import Humans.*; 
public class RunInheritDemo2 { 
public static void main(String args[]) { 
InheritDemo2 .main (null) ; 
} 
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School = Univ. of Washington 
Level = 3 

Name = Yvonne 

SSN = 630-22-0980 

Gender = F 

Age = 30 

School = Univ. of Washington 
Level = 3 


The protected keyword modifier has all of the capabilities of 
the private protected modifier. However, unlike the Java private 
protected modifier, the protected methods of class Person are acces- 
sible through instances of Person within methods of subclasses 
(see /* (1) */). In addition, the protected methods may also be 
accessible through instances of Person (or subclasses of Person) 
from methods of unrelated classes (see /* (2) */and /* (3) 
*/). For statements with comments /* (2) */and /* (3) */to 
be legal, class InheritDemo2 must reside in the same package as 
class Person (they are both members of package Human). 

As in the case for private protected members, a subclass can 
belong to a package different from the package of its super- 
class and still inherit the protected members of the superclass. 

The default modifier (no keyword) for a member provides 
the same level of capabilities as protected, but subclasses belong- 
ing to a different package cannot inherit the members of the 
superclass. 


Dynamic Method Lookup 

Polymorphism is the ability of an object to respond appro- 
priately to a message based on its type and position on the 
class hierarchy. By responding appropriately, we mean the 
ability of the object to choose the method implementation 
that best suits its capabilities. In C++, polymorphism is imple- 
mented by specifying certain member functions as virtual. In 
Java, there is no keyword like virtual. Polymorphism is simply 
a default feature of classes. 

If we go back to the earlier example with base class Person 
and derived class Pupil, each of these classes has its own 
DisplayData() implementation. If we have a statement such as 


Person paula = new Pupil(“Paula”, “636-37-0740", ‘F’, 
22, “Univ. of Chicago”, 4); 


followed by 
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paula.DisplayData () ; 


which DisplayData() would be called, Person.DisplayData() or 
Pupil.DisplayData() ? The answer is Pupil.DisplayData() because 
all Java classes inherently have a virtual dispatch mechanism 
to locate and match the implementation to the type of the 
object. Variable paula is a reference to a Person, but the object 
it refers to is of type Pupil. 


Abstract Classes in Java 

All of the previous classes we have seen are concrete classes, 
meaning that it is possible to create instances of the classes. 
Another type of class called an abstract class contains the names 
of behaviors without the implementations to execute those 
behaviors. Objects cannot be instantiated from an abstract class. 

One of the objectives of good object-oriented program- 
ming is to recognize the elements that are in common and 
to group those elements into general abstractions. For instance, 
if I were to construct a framework of classes for geometric 
shapes, I might start with the general notion ofa shape as the 
base class. From this base class, I would derive specific shape 
classes, such as Circle or Rectangle. 

One of the things I might do in the design of the framework 
is to have a unique 7d assigned to each Shape object upon 
instantiation. At times, I would need to get the Shape object’s 
id, soa method such as get/d() would be declared and imple- 
mented for class Shape. 

In addition, there is the notion of an area that can be cal- 
culated from any Shape object. However, the formula to cal- 
culate an area varies from one specific shape to another. In this 
case, a method prototype such as getArea() would be included 
in the body of class Shape and it would be up to the derived 
classes, such as Circle and Rectangle, to provide the specific 
implementations. Listing 5 shows an example in Java. The exe- 
cution of the code would output: 


cirl has id = 1, area = 706.858 
rectl has id = 2, area = 22000 
shapel has id = 1, area = 706.858 
shapel has id = 2, area = 22000 


In C++ an abstract member function is declared as virtual 
and tagged with “=0” immediately after the argument list 
(called pure virtual functions). Java, on the other hand, uses 
the keyword abstract: 


ii Geometric Shapes 


import java.awt.Point; 
abstract class Shape { 
public Shape() { 
id = ++count; 
3 
public int getId() { 
return id; 
} 
public abstract double getArea(); 
private static int count = 0; 
private int id; 
} 
class Circle extends Shape { 
public Circle(inE x, int y, int red) { 
center = new Point(x, y); 
radius = rad; 
} 
public double getArea() { 
return 4 = Math.atan(|.0) * radius * radius: 
} 
private int radius; 
private Point center; 
} 
class Rectangle extends Shape { 


public Rectangic(int ul x, iit uly, int Ir x, int by) 


upperLeft = new Point(ul_x, ul _y); 
lowerRight = new Point(lr_x, lr _y); 
} 

public double getArea() { 


>. 


// pi == 4 * atan(1.0) 


double result = Math.abs(upperLeft.x - lowerRight.x) * Math.abs (upperLeft.y - lowerRight.y) ; 


return result; 
} 
private Point upperLeft; 
private Point lowerRight; 
; 
public class ShapeDemo { 
public static void main(String args[]) { 
Circle cirl = new Circle(7, 9, 15)- 


System.out.printin(“cirl has id = “+cirl.getId()+”, area = “+cirl .getArea()); 


Rectangle rectl = new Rectangle(-50,70,150,180); 


System.out.println(“rectl has id = “+rectl.getId()+”", area = “+rectl.getArea()); 


Shape shapel = cirl; 


2. 


System.out.println(“shapel has id = “+shapel.getId()+", area = “+shapel .getArea()); 


shapel = rect1; 
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system.out.printin(“shapel has id = “+shapel.getId()+”, area = “+shapel.getArea()); 


public abstract double getArea(); 


In this case, the keyword abstract serves as a modifier to 
method getArea(). As in C++ classes, the presence of at least 
one abstract method will make the whole class abstract. When 
a class contains at least one abstract method, the abstract mod- 


ifier must be applied to the class declaration: 
abstract class Shape 


As in C++, one may not create instances of abstract classes. 
For example, the following would be illegal: 


hp-ux/usr = may/junetog7 Be 


coffee talk: 


going from c++ to java 


Shape shape_obj = new Shape(); // Error! 

As mentioned earlier, Java methods are virtual by default. 
In other words, a Java object, based on its type and position in 
the hierarchy, will be able to invoke the correct implementa- 
tion of a method. In the above (see /* (2) */and /* (3) */), 
reference variable shapel may refer to any subclass of Shape at any 
given time. However, because of dynamic binding, shape! will 
exhibit the correct response when message getArea() is sent to it. 

When a derived class overrides an abstract method and pro- 
vides an implementation, it must do so with the same method 
name, argument list, modifiers, and return type. A derived 
class that does not provide an implementation to an inherited 
abstract method must be declared as an abstract class. 

As in C++, an abstract class can have non-abstract methods. 
The getld() method of abstract class Shapeis a non-abstract method. 


Java Interfaces 

One of the major differences between C++ and Java is how 
inheritance is supported. C++ supports multiple inheritance 
while Java does not. The designers of Java realized that mul- 
tiple inheritance as implemented by C++ was too controversial 
and too complicated to be used safely and hence decided to 
refrain frorh putting these features into Java. Instead, Java has 
a feature called interfaces, which permits the inheritance of 
method prototypes from multiple sources. 

A Java interface is just like an abstract class in that one can- 
not instantiate an object from an interface. Unlike the abstract 
class, an interface can only have method prototypes, no vari- 
ables. However, one may declare a reference variable of an 
interface type and such variables may be fields inside classes. 

Whenever a class implements one or more interfaces, the class 
can provide an implementation for each method prototype of 
each interface. If there is one inherited method prototype that 
is not implemented, then the class must be declared abstract. 

One of the unique aspects of Java is that the language 
comes with support for multithreaded programming (which 
Sun Solaris 2, Microsoft Windows/NT, and POSIX 1003.4a 
environments support). A standard Java interface to support 
this type of programming is called Runnable. Interface Runnable 
has a single method prototype called run(): 


public interface Runnable extends Object { 


public abstract void run(); 
} 
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Listing 6 shows a class called DatetimeDemo that implements 
Runnable. The main() method of DatettmeDemo spawns two 
cooperating threads each of which displays its name and the 
current date and time for a given number of iterations. A 
sample display on the standard output device would look like 


Thread 1: Fri Jan 17 00:10:07 
Thread 2: Fri Jan 17 00:10:07 
Thread 1: Fri Jan 17 00:10:07 
Thread 2: Fri Jan 17 00:10:07 
Thread 1: Fri Jan 17 00:10:08 
Thread 2: Fri Jan 17 00:10:08 
Thread 1: Fri Jan 17 00:10:08 
Thread 2: Fri Jan 17 00:10:08 
Thread 1: Fri Jan 17 00:10:08 
Thread 2: Fri Jan 17 00:10:08 
Thread 1: Fri Jan 17 00:10:08 
Thread 2: Fri Jan 17 00:10:08 
Thread 1: Fri Jan 17 00:10:09 


1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 
1997 


Appearing on the Horizon 

For the experienced C++ programmer wishing to go to 
Java, I have introduced a number of fundamental Java key- 
words and constructs. Unfortunately, because of space limi- 
tations, I cannot elaborate much more. The Java language 
has many more features—runtime type information (RTTT) 
and exception handling to name two. RTTI is a feature to 
help identify the type of an object during runtime, which is use- 
ful for determining whether an object can handle a certain 
message. Exception handling is a mechanism to help the 
developer write more reliable code. Many of the standard Java 
classes use exception handling. Contemporary C++ also has 
equivalents to these features. For the enthusiastic reader, I 
have provided a list of references. 

As a development environment, the Java Developer’s Kit 
includes a number of important packages that are not part 
of the Java language itself. One package includes network sup- 
port for URLs (Uniform Reference Locators) and sockets. 
Another package is the Abstract Window Toolkit (AWT), which 
provides a set of platform-independent user interface com- 
ponents and protocols. 

At the time of this writing, SunSoft is gearing for the future 
Java 1.1 release and has presented a host of new packages and 
enhancements for public review. Some of the new features 
include support for internationalization, applet security, dis- 


LISTING 6 Implementing Runnable 


import java.util.Date; 

import java.io. IOException; 

class DatetimeDemo implements Runnable { 
DatetimeDemo (String str, int max) { 
name = str; 
count = max; 


xpath = new Thread(this); // Construct the new thread with the calling object 


// Uses constructor Thread (Runnable) 


xpath.start(); // Put the new thread into the runnable state 


} 

Thread getThread() { 
returm xpath; 

} 


public void run() {// This method is transparently called by start() 


while (count— > 0) { 
System.out.println(name+”: “ + new Date()); 
Dy | 


Thread.sleep(200); // Make the current active thread sleep 


//for 200 milliseconds 
} 
catch(Exception err) { 
System.out.println(err.toString()); 
System.exit(-1); 
: 
} 
} 
private String name; 
private Thread xpath; 
private long count; 


public static void main(String args[]) { // Start of the primary thread 


DatetimeDemo dtl = new DatetimeDemo(“Thread 1”, 7); 
DatetimeDemo dt2 = new DatetimeDemo(“Thread 2”, 7); 
// Make the primary thread block until all the 
//secondary threads complete execution 


while ((dtl.getThread().isAlive()) || (dt2.getThread() .isAlive())); 


} 


tributed computing (remote method invocation), and inter- 
faces to relational databases (Java Database Connectivity). 
The totality of these features promises to make enterprise- 
wide computing available throughout the world. For the dili- 
gent software professional, it means new career opportunities 
never before imagined. 

It is rare that a software technology gathers public enthu- 
siasm and momentum so quickly. In a matter of less than a 
year since its formal release, Java has done exactly that. Coffee 
brewing has never been more exciting. t 


Frederick F. Chew is an Information Technology Engineer with the 
Hewlett-Packard Asia Pacific Geography. He teaches C++ programming 
(“Objects++: C++ Programming Fundamentals”) to HP employees 
through the HP AHEAD program and is the author of The Java/C++ 
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by David L. Totsch 


THIS MONTH BEGINS A SERIES of columns dedicated to training HP-UX how to 
monitor its own status and report on an exception basis. A chief criticism of UNIX 
in general has been the lack of tools to monitor a system. The only response to 
such a criticism is to remind the critic that UNIX systems are more different than 
they are the same—even when they are the same version on identical hardware. 
Users bought into UNIX precisely for such flexibility. Therefore, the tools that will 
be described may or may not apply to your particular environment. The ideas and 
concepts presented, however, might prove applicable to any environment. Here 
are the general categories you should see over the coming months: 


Maintenance of btmp and wtmp 
Monitoring System Logs (syslog) 

General Log File Reporting and Truncation 
Maintaining IPCS 

Disk Space Monitoring 


As we cover this list, HP-UX 9.x will be ignored. Since that sounds a little callous, 
most of what will be discussed will have a primary difference of location (where 
files and commands are in the file tree). Using a quick case statement on uname -r 
to set some appropriate variables should gain access for 9.x users. Besides, I promise 
to do my best to warn 9.x users when I have done something 10.x-specific. In that 
spirit, let’s begin this month by examining a topic that lacks a version-specific solu- 
tion: Disk Space Monitoring. 

First of all, we need a list of local file systems. We need to avoid any NFS mounts 
since we have enough aggravation without generating redundant reporting. Here 
is the shell code: 


bdf -1 2>/dev/null | awk ‘$1 !~ /Filesystem/ { print SNF }’ 


Um, well, it reports the mount point, not the file system, but that is OK. Moreover, 
you may be asking, Why go to all of that trouble? If you have long file system or 
mount point names, those entries will take up two lines. 

One other item we might want to ignore are mounted CD-ROMS; their size is 
always 100 percent full. Here is the shell code to get the CDFS mounts: 


bdf -t cdfs 2>/dev/null | awk ‘$1 !~ /Filesystem/ { print SNF }’ 

Now we have to separate the CDFS mount points from the local file systems. If 
the locals are in the variable LOCALLIST and the CDFS’s are in CDFSLIST, then 
the following code will leave us with what we want: 


print “${LOCALLIST}\n${CDFSLIST}” | sort | unig -u 


This has no side effects if you run it on a system that does not have any CDFS file 
systems. Once the list is sorted, wnigq -u prints only lines that are not repeated. 


Seems like a lot of effort so far and we have only the list of 
mount points we want to report on. What we need to do now 
is run a for loop on this list. Within that loop we need to cap- 
ture and test the bdfoutput for each mount point. Here is the 
data capture: 


bdf -i ${MOUNTPOINT} 2>/dev/null | grep -v “Filesystem” | \ 
paste - - | read FS V W X CAP Y Z INOD MP 


Here is the description: the backslash (\) at the end of the 
first line is to instruct the shell to ignore the line-feed (to con- 
tinue the command on the next line); the bdf-i includes the 
inode information; the paste -- makes sure that two-line reports 
are on one line; the vead captures the file system name in FS, 
the capacity (amount used as a percentage) in CAP, the inode 
capacity (amount used as a percentage) in JNOD, and the 
mount point name in MP—everything else is ignored. 

If the threshold for reporting capacity is in CAPTHRESH, 
then this code would be used to check the capacity against 
the threshold: 


if [[ ${CAP%*%} -gt ${CAPTHRESH} ]] 


No, the typographer did not make a mistake, $/CAP% *%} 
is correct. Other than the obvious print statement used earlier, 
this is the first Korn/POSIX shell-specific code that has been 
used. The first percent symbol instructs the shell to begin 
matching the end of the contents of CAP for truncation. The 
*% matches the percent sign in the data. Basically, we end 
up with the percentage number without the percent nota- 
tion. Do not forget to test the inode information in a similar 
fashion. While the script has this data, you might want to 
append it to a handy file somewhere for historical logging. 

When the data is outside of the threshold, you will want to 
report it somehow. You can use the native e-mail system as an 
effective means of reporting. I suggest creating a mail alias if 
you have more than one system administrator. If you have 
installed software to drive a pager, you would build in that 
interface. As an alternate method, you can use the system log- 
ging facility logger. Using the system logging facility will allow you 
to consolidate all messages into a single report; you can even 
route all messages to a central host. But, leveraging the system 
logging facility is part of a topic that we will pick up later. 

How often you run this report depends on the current 
state of your environment. If file systems seem to fill up 


suddenly, you may want to run it fairly often. If you run it 
often, be sure to code in a mechanism to prevent multiple 
reporting (like touching a file in a directory and removing it 
when the file system drops below the threshold). Otherwise, 
a daily run will probably suffice (remember, you are looking 
for a reporting threshold, not 100 percent full). Quite a bit 
more complex, but still possible, would be to have a data file 
with a separate threshold for each mount point (be sure to 
code a default for mount points that do not appear in the list 
or at least report that they do not have a threshold). 
Reporting file system full is a basic task that all system admin- 
istrators have to fulfill, even if it is eyeballing a bdfonce in a 
while. I am all for making the system take care of these types of 
tasks itself. I avoided including the complete shell script because 
I want you to have the practice of writing the shell script. Since 
your site is unique, you have a strong likelihood of needing a cus- 
tomized shell script. Those of you who need the shell script 
writing practice have enough to get you going; for those who do 
not, maybe these scripts we will discuss over the next few months 
will appear on the HP World ’97 Swap Tape. Ll 


David L. Totsch is a Technical Consultant for Premier Systems 
Integrators, Inc. in Charlotte, North Carolina. His specialty is HP-UX 
system administration and he enjoys training others to do the same. He 
can be reached at (704) 522-6088 or totsch@rbdc.rbdc.com. 
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UX Systems Administration 


THIS MONTH I PRESENT a grab-bag of 
information, little things I have noticed 
or implemented in HP-UX 10.10, all of 
which should work (or apply) to later 


versions. 


HP-UX Start-up and Shutdown 

I was going to write a whole column 
on the new start-up and shutdown 
scheme HP implemented in 10.10, but 
John Fenwick beat me to it in the 
January 1997 issue. The only advice I 
can add to his article is that it is really 
easy to create your own start-up and 
shutdown scripts for your applications. 
I have created scripts for Oracle, FlexLM 
license Manager, our HTTPD server, 
and several custom applications. 

Copy the /sbin/init.d/cron and the 
/etc/rc.config.d/cron files and use them as 
a starting point. Also, don’t forget to cre- 
ate symbolic links to the /sbin/init.d 
directory instead of copying the files. 


Sendmail Changes in HP-UX 10.X 

HP’s version of sendmail changed 
quite a bit in 10.X. The basic function- 
ality remained the same, but the con- 
figuration files and executables are in 
a new home. 

First, HP has split off the sendmail 
configuration into its own directory, 
/etc/mail. I think this makes more sense 
than having it in /usr/libas in 9.x. There 
are four main files in this directory: 
aliases, mailcap, rev-aliases and sendmail. cf: 
These are the files you can modify. 
There are several others, all ending in 
.dir, .pag, or .fc. You can ignore them. 
They are binary versions of the four 
main files. 

sendmail.cf is the configuration file 
for sendmail’s routings. Basically 
unchanged from 9.x, it does include a 
rule for passing unresolved SMTP (‘@’- 
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style addresses) to the SMTP relay via 
UUCP. Long time readers will remem- 
ber I struggled with this for a couple 
of days before figuring out how to do 
this. HP’s solution is more elegant, but 
achieves the same purpose. 

The mailcap file is an undocumented 
look-up list of applications for viewing 
the various attachments to e-mail mes- 
sages. It supports most of the standard 
image types, including jpeg, rich text, 
gif, etc. I’m still doing research into the 
use of this file, so [’ll write about it in a 
future column. 

The aliases file is the same as for 9.x. 
It contains a list of e-mail aliases for your 
site. It can be used to alias all the various 
‘helper’ accounts, such as uucp, dae- 
mon, and operator, to the root account. 
It also allows you to create simple alias- 
es for a whole company or group of 
users. After modifying this file, don’t for- 
get to run /usr/sbin/newaliases to make 
the aliases active. 

A new twist, which makes user 
account hiding much easier, is the rev- 
aliases file. Basically, rev-aliases allows you 
to specify an alias for a user for all out- 
bound e-mail, typically first_last or 
first.last. Most security experts recom- 
mend not using users’ login names as 
their e-mail address. The major reason 
is that it gives a cracker some place to 
start. It is also helpful in academic or 
large companies where an e-mail 
address is a number. For example, user 
John Smith has an account name of 
a12345. Now, I wouldn’t expect anyone 
to remember this, since it was probably 
computer generated, so I add an entry 
to rey-aliases like this: 


al2345: John_Smith 


or 


QUALITY HP 
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This way, e-mail from John is deliv- 
ered as ‘John_Smith@yourdomain.com’ 
instead of ‘al2345@yourdomain.com’. WITH 0 UT TH - . bE ¥ RI C » 
Also it makes it easier for users to remem- 
ber how to send mail to John or any of 


te resin is always ‘First_Last@ e f- N T ’ L ‘ AS = z B U Y 


Now that’s great for outbound, but 


how doesthe inbound sail getto Johns Immediate Delivery On Most Items 
Use the aliases file. Add a line like this: 


John Smith: al2345 


¢ 700 SERIES: Models 710, 715/50, 715/75, 715/100, 
oe 735, 735/125, 712/60, 712/80, 745i 


John. Smith: a12345 ¢ XSTATIONS: ENVIZEX, C270X 
Again, remember to run /usr/sbin/ ° All 300, 400T and 400E Series 


newaliases after modifying either the ; 

rev-aliases or aliases files. « Memory, Features & Disc Upgrades for 
all Workstations 

General 10.10 Issues 


Contrary to what was written in ¢ CPU Upgrades: 715/50, 715/75, 735, 735/1 20, 


several newsgroups and mailing lists, 425, 380, 360 
/etc/securetty does work on 10.10. 


Remember that /etc/securetly allows you 
to define what terminals can be used 


for direct login as root. Apparently this More Than 1500 Satisfied Customers 
ee Throughout The USA and Worldwide 


now. Also, xdmand vuelogin have been 
changed to look at this file. Get the 
latest patches for the X environment to 


get the update. You'll remember that For technical info, SPECS Or pricing 
in as you nae. to modify some Vue Call Mordy or Carol 


scripts to do this. 
Want to see something really inter- 


Hinshe mening toa. S C.S.U. Industries, Inc. 
» 207 Rockaway Turnpike, Lawrence, NY 11559 
(516) 239-4310 FAX (516) 239-8374 


Now try to log in. Boom. No /users direc- 
tory! Also, the shells for all your users 
probably reference the old ksh, sh, or 
csh. What you need to do is reboot into 
single user mode and edit /etc/passwd 
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using vipw. Change all the /users direc- 
tories to /home and the /bin/[kc]sh to 
/usr/bin/[kc] sh. 

I recommend installing 10.10 instead 


of upgrading a 9.x system. Plan the 
upgrade, paying special attention to the 
new disk layout, then completely install, 
overwriting your current disks. Trust me, 
it'll save a lot of problems later. In the 
‘why did they change that?’ category: cu 
now defaults to 300 baud unless you 
explicitly list a speed using the -s option. 
In previous HP-UX versions, cu found 
the first entry for the system you were 
calling in /usr/lib/uucp/Systems (which 
is now located in /etc/wucp/Systems) then 
used that speed. Now it defaults to 300 
and complains it cannot find the System. 
Or, if you specify a baud rate not defined 
for the system, it also complains. In pre- 
vious versions, it again used the first 
entry. It’s not that difficult to remem- 
ber, but if you get paged at 3.a.m. ona 
Saturday, this quirk is not the first thing 
that comes to mind. 

Moved files: In 9.x /etc/newconfig held 
all the template configuration files. In 
10.10 this is moved to /usr/newcon/fig. 
Same files, different location. 

Want to know what software /filesets 
are installed on your system? In 9.x and 
earlier you could look at /etc/filesets or /sys- 
tem. In 10.10, with the introduction of swin- 
stall and friends, all this information has 
been moved to /var/adm/sw. Now instead 
of one directory, there are several: 


products—isst of install filesets and packages 

patch—iist of install patches, including 
the original files they replaced 

patch/.SUPERSEDED—ist of patches super- 
seded by the installed patches. 


There are also a few files of note: 
PATCH. log contains the list of patches 
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actually installed. This list is often dif- 
ferent from the list in the patch directory 
because the patch directory is not 
cleaned up when a new patch that super- 
sedes an old patch is installed. The file- 
set information for the old patch is still 
located in this directory. The 
patch/.SUPERSEDED directory lists what 
patches were superseded, but at a quick 
glance you can’t tell what you have. 
PATCH. log lists each installed patch and 
only those that are currently active. 

The second file is .codewords, which 
lists the codewords, by CD-ROM, used to 
install your system. I recommend e-mail- 
ing this information to yourself or mak- 
ing a hardcopy and keeping it separate 
from the list HP supplied. Too many 
times I couldn’t find the HP list or didn’t 
have access to it. I usually have the code- 
words, along with the license certificates, 
locked in the company’s safe. At 6 a.m. 
the office manager isn’t around. 

Finally, I want to go on a rant. I know 
its been a while since I did this, but 
HP’s cabling scheme for muxes on the 
D-350 is absurd. Those with the cat 0’ 
nine-tails muxes know what I am rant- 
ing about. Instead of supplying a stan- 
dard, DB-25 mux with the D-350, you 
get this 8-headed cable with RJ-45-like 
connectors. I say ‘like’ because it’s not 
an RJ-45. It is some bizarre 10-pin rib- 
bon cable connector. Now HP sells you 
bizarre to DB-25 cables, but they are 
expensive and the HP order form 
didn’t recommend them when you got 
the mux. I had to get Black Box Corp. 
to make me several to get my modems 
connected. 

What is the deal here? In the ‘olden’ 
days, HP required E Series muxes to have 
special pin-outs on their DB-25 cables. 
Again, custom built modem cables. At least 
the simple terminal cables with 2-3-7 


worked. Now I need to buy special bizarre 
to RJ-11 and R45 cables because the trans- 
mit and receive wires on the bizarre con- 
nections are not 2 and 3. 

Okay, end of rant. Anyone else found 
any new and interesting features in 
HP-UX 10.x you want to know more 
about? Send me some e-mail and Ill 
write about it. il 


Christopher Curtin is the Team Lead for 
Server-side Client-Server development for 
Manhattan Associates. His e-mail address 1s 
ccurtin@mindspring. com. 


Stuck using tar? 


(or foackup, cpio, or dump?) 


What a sticky mess! Standard UNIX backup utilities force you to glue 
on scripts to make them work right, have performance like molasses, 
user interfaces that are clear as pitch, and reliability that could 
drag your career down into a pit. It’s time to kick asphalt. Load 
BACKUP/9000 (it takes less than 10 minutes), and automate 
super fast, reliable backups and restores on any networked 
system via its slick user interface. Let BACKUP/9000 back 

up your Oracle databases hot, track tapes and files, manage 
media, schedule backups, etc. Don’t get stuck - get 

something faster, easier, and more reliable. Contact us 

for a free demo today, before things get really messy. 
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IN THIS MONTH’S COLUMN, I discuss 
a couple of interesting Usenet news- 
readers as well as some security/ privacy 
tools that you should be aware of. I had 
never heard of ssh (the “Secure Shell”) 
until my friend Harlen Stenn men- 
tioned it to me. Then, suddenly, I found 
two articles in magazines that referred to 
the same program. 

Being in the UNIX community is 
wonderful. People share information 
and software with one another—useful 
information, good software. I hope I 
contribute a little by referencing these 
packages that software authors have 
shared. If you are looking for a particu- 
lar program or utility that you think 
might be of interest to other people, let 
me know. I will dig around. You never 
know what you might find. 


MISC 


ssh v 1.2.17 

Many people access computers on 
the Internet via telnet. Either they are 
working at home and need to access the 
company computers or they are at one 
company site and need to access the 
computers at another location. While 
very convenient and productive, it is also 
prone to attack by a malicious hacker. 
When connecting to the remote site, you 
enter your user name followed by your 
password. Both of these fields are sent 
from your computer to the remote com- 
puter as clear text, readable by anyone. 
And who can read it? With the proper 
software on the proper hardware, your 
password can be read by anyone on your 
local network, on the network of your 
Internet provider, or on the network of 
the remote site’s Internet provider. And, 
unfortunately, many passwords have 


by Joseph Berry 


been hacked in this manner. 

ssh stands for the secure shell, a pro- 
gram written by Tatu Yionen (ylo@cs.hut.fi). 
This program logs into another comput- 
er over an untrusted network and pro- 
vides for the remote execution of 
commands. The program features strong 
authentication, privacy via RSA, DES and 
other encrypting algorithms, and secure 
X11 sessions. To use ssh, you must have 
an sshd daemon program running on the 
computer you wish to connect to. You con- 
nect to that computer by typing “ssh host- 
name.” This program comes highly 
recommended. 

ssh is available at /tp.cs.hut.fi in the 
/pub/ssh directory. Be sure to look in the 
contrib directory as there are some HP- 
specific files you need to download. 


pgp 2.6.2 


pgp is one of the most famous pro- 
grams available on the Internet. It has 
been mentioned in many magazines 
and newspapers including The Wall Street 
Journal. Developed by Phil Zimmerman, 
pgp (“Pretty Good Privacy”) is a program 
that encrypts and decrypts messages. It 
is based on RSA public-key encryption 
technology, making it, unfortunately, 
illegal to export and use outside of the 
United States (although work is under 
way to rectify this). pgp includes a sophis- 
ticated key management subsystem as 
well as message digests for digital 
signatures. 

The advantage of using public-key 
encryption is clearly explained by 
Zimmerman (from his file doc/pgp- 
docl.txt): “In conventional cryptosystems, 
such as the U.S. Federal Data Encryption 
Standard (DES), a single key is used for 
both encryption and decryption. This 
means that a key must be initially trans- 
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mitted via secure channels so that both 
parties can know it before encrypted K ar’ ia | — ee | 
messages can be sent over insecure i | 
channels. This may be inconvenient. If 
you have a secure channel for exchang- 
ing keys, then why do you need cryp- 
tography in the first place? 

“In public key cryptosystems, every- 
one has two related complementary 
keys, a publicly revealed key and a secret 
key (also frequently called a private key). 
Each key unlocks the code that the | LOW PRICE Personal Edition’ 
other key makes. Knowing the public Professional Edition 
key does not help you deduce the cor- | 
responding secret key. The public key B00- 961-7840 
can be published and widely dissemi- 


nated across a communications network. 


This protocol provides privacy without 
the need for the same kind of secure 
channels that a conventional crypto- 
system requires. 

“Anyone can use a recipient’s public 
key to encrypt a message to that person, 
and that recipient uses her own corre- 
sponding secret key to decrypt that mes- 
sage. No one but the recipient can 
decrypt it, because no one else has 
access to that secret key. Not even the 
person who encrypted the message can 
decrypt it.” 

pgp is available from a number of 
sites, most notably MIT. In addition, a 
popular location for the sources is from 


the following site: 


http://www.ifi.uio.no/pgp/modules. shtml 
Stp://ftp.ift.uio.no/pub/pep/lang/ 


mM v 6.5.1 

One of the most fascinating features 
of the Internet is Usenet. Usenet is com- 
posed of over 20,000 different news- 
groups, where users interact with their 


newsgroups of interest in a bulletin 
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board system manner. Newsgroup top- 
ics include computer-oriented as well 
as science-oriented technical subjects. 
As I have previously mentioned, the 
sources for this column come from 
either actual source code posted on a 
newsgroup or from announcements 
and discussions about some particular 
piece of software. 

So how does a person actually read 
the postings from the newsgroups of 
interest? With a Usenet newsreader, 
of course. Many good free news- 
readers are available. Some offer a 
more user-friendly front-end at the 
expense of having less powerful fea- 
tures while some (see gnus below) are 
very powerful but encourage you to 
learn a text editor in addition to the 
newsreader to get the most out of its 
tool. Please note that having this soft- 
ware is not sufficient for accessing 
Usenet. You also need access to a 
computer that maintains the Usenet 
database. 

nn is a menu-based newsreader that 
presents the user with screens of news 
messages. You choose which messages 
you want to read, proceeding from 
screen to screen, newsgroup to news- 
group. You can easily subscribe to new 
newsgroups by classes (for example, I 
want to subscribe to all newsgroups 
that start with “comp.”). nn includes 
enough features to satisfy both the 
expert and the novice user. The soft- 
ware includes online help as well as a 
manual. Keystrokes can be remapped 
to other keystrokes with nn’s advanced 
macro definition features. 

A large following exists for this 
software package and it even has its 
own newsgroup (news.software.nn) . 
The software is available via anony- 
mous ftp from /ftp.isca.uiowa.edu in 
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directory /9/unix/nn/nn-6.5 as file 
nn-6.5.1.tar. gz. 


gnus v 5.4.9 and rgnus v 0.84 

gnus and its latest incarnation, rgnus, 
are emacs-based news readers. You must 
(or at least should) know the text editor, 
emacs (to some extent), to take advan- 
tage of these readers. A wealth of 
options are available with both of these 
programs and you might feel a bit over- 
whelmed the first time you look at the 
documentation or run the program. I 
found, however, that if you take advan- 
tage of emacs’ pull-down menus that 
are gnus-specific, you will see and learn 
the essential commands that you need 
to know. 

Which package should you use? ’'m 
not really sure. gnus is a rewrite of an 
older gnus (version 4.1 by Masanobu 
Umeda) by Lars Magne Ingebrigtsen 
(larsi@ifi.uio.no). rgnus, also called Red 
Gnus, is written by the same author. 
It appears that this module is a rewrite 
of gnus Version 5. Although it is cur- 
rently still in “alpha” release, I am 
using the product without any diffi- 
culties. rgnus is completely compati- 
ble with gnus. Ingebrigtsen writes that 
rgnus “... will let you look at just about 
anything as if it were a newsgroup. You 
can read mail with it, you can browse 
directories with it. ...(R)Gnus tries to 
empower people who read news the 
same way emacs empowers people 
who edit text.” 

Sources to both packages are avail- 
able from /tp.ift.uzo.no in the /pub/ 
emacs/gnus directory. Other locations 
include fip.pilgrim.umass.edu (in direc- 
tory /pub/misc/ding) and aphrodite. 
nectar.cs.cmu.edu (in directory /pub/ 
ding-gnus). 


trace v 1.6 

In early 1995 I mentioned a program 
called trace (Version 1.3) that had been 
Kartik Subbarao. 
Unfortunately, at the time it only sup- 
ported HP-UX 9.05 (Series 700 com- 
puters). I think this program is valuable 


developed by 


enough that its latest manifestation 
should be mentioned. 

trace shows you what system calls your 
program is making, including as much 
symbolic information as possible. You 
can use it for figuring out why an appli- 
cation keeps bombing out. I have pre- 
viously used this program to find out 
what file a program was trying to refer- 
ence when it bombed out. 

This version of trace now runs on HP- 
UX 10.01 and 10.20 (sadly not on HP- 
UX 10.10). This program can be found at 
Jtp.interworks.org (/pub/hp.comp/) and at 
coombs.anu.edu.au (/pub/hpux/Sysadmin/ 
trace-1.6). 


COMP.UNIX.ADMIN 


Dotfile Generator (v 2.0) 

Jesper Pedersen (blackie@imada. 
ou.dk) has created the interesting pro- 
gram, The Dotfile Generator, a tool to 
help the end user configure basic pro- 
gram parameters of many of the more 
popular programs available without 
knowing the syntax of the configura- 
tion files, or reading hundreds of pages 
in a manual. This program creates the 
“dot files” that are so commonly used 
by programs such as emacs and elm. 

The Dotfile Generator includes “mod- 
ules” that add application intelligence for 
the specific program. A module exists for 
the X-Windows manager, fuwm2. In addi- 
tion, there are modules for the UNIX 


shells bash and tcsh and the editor, emacs. 

The program requires the Tcl/Tk 
packages. The Dotfile Generator is avail- 
able at ftp.imada.ou.dk in directory 
/pub/dotfile as dot-2.0.tar.gz. 


COMP.INTERNET.NET HAPPENINGS 


Big Brother v 1.03a 

Even if you decide you don’t need or 
want this program, Big Brother is an appli- 
cation that is worth looking at. Developed 
by Sean MacGuire (sean @iti.qc.ca) , this is 
a free Web-based UNIX network moni- 
toring tool. As MacGuire says, “It watches 
disk space, CPU loads, important pro- 
cesses, Web servers, and connectivity and 
can page you if something really horrible 
happens.” 

It is a nice example of where you 
can go with network and host-based 
management with simple Web-based 
tools. Remember, my company sells 
distributed performance management 
tools so we believe we really under- 
stand this marketplace and the kind 
of tools that are out there. The strong 
point of this product is the infrastruc- 
ture. The weak point is the actual data 
that is returned. Big Brother can be 
checked out at 

http://www.iti.qc.ca/iti/users/sean/bb- 
dnld 


WEB PAGES 


http://hjh.simplenet.com/freew1.htm 
While I don’t want to call myself a 
Windows 95 user, I must admit that I 
have a Windows 95 system both at my 
office and at home. On occasion I 
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find that having the right utility or 
tool for this system can be an advan- 
tage. This Web site includes freeware 
to download, utilities, screensavers, 
and links to other free Windows 95 
Web services. 


http://www.webplaces.com/search/ 

This is a really neat idea. Have you 
ever needed that certain icon for your 
Web page and didn’t know how or 
where to find it? This Web site includes 
a specialized search engine with cus- 
tomized search forms designed specifi- 
cally to locate clip-art, 
backgrounds, bullets, lines, buttons, and 
sounds. 


icons, 


http://sunsite.unc.edu/JavaZine/ 


http://wwwjavology.com/javology 
For those of us learning and work- 
ing with the new Java language, hav- 


ing more resources available can only 
be a good thing. These two sites con- 
tain Java-oriented online magazines 
with news items as well as contributed 
utilities. Hl 


Joseph Berry 1s a senior software developer at 

Landmark Systems Corporation in Vienna, 
Virginia. He is one of the authors of 
Landmark’s PerformanceWorks products, 
PerformanceWorks/Smart Agents for UNIX. 
A former HP 3000 systems specialist for 
Hewlett-Packard, he has been in the computer 
industry for more than 25 years. He can be 
reached at joe@wayne.unix.landmark.com. 
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by Bob Combs 


I HAVE A FRIEND FROM decades ago, 
who has quite an artistic flair. While we 
were working on a hardware design one 
day, and he was waiting on a schematic 
change from me, he drew some car- 
toons of typical phrases we use every day. 
The one that got me the most was a pic- 
ture of someone’s leg completing a kick 
and a computer flying through the air. 
The phrase below the picture was “I 
booted the computer for you.” I sup- 
pose that picture appealed to me not 
just because it was funny, but because it 
was how I felt at that moment. 

The computer boot process has 
become more complex over the years, 
and it can be frustrating to diagnose 
when it doesn’t work correctly. Part of 
what’s made the boot process of 
Microsoft Windows NT complex is NT’s 
ability to adapt to a wide selection of 
hardware configurations. And some of 
the frustration in diagnosing boot trou- 
ble is a lack of understanding of what 
the boot process is doing at each step. 
So, let’s dissect the boot process. I'll 
assume that we’re talking about an Intel- 
based NT system only. RISC-based NT 
is a little different. 

The boot process is composed of 
multiple steps. Even the hardware itself 
goes through multiple steps preparing 
for the NT boot. When the power switch 
is flipped on, most computers load a 
diagnostic program, referred to as the 
Power On Self Test (POST), from ROM 
into RAM and execute it. Visibly, the 
POST can be seen counting the mem- 
ory address as it checks memory. The 
boot device is then located by search- 
ing down the list of active boot devices, 
such as the floppy, CD-ROM, and hard 
disk. You can hear this process since 
each device is momentarily activated. 
The first one found with media avail- 


able is selected as the boot device. 

A master boot record is read from 
cylinder zero, sector zero (0, 0) of the 
boot device and execution is begun at 
the first location in this boot record. 
This first boot program doesn’t know 
about file systems. Its purpose is to exam- 
ine the disk partition table, find the 
active boot partition, go to that parti- 
tion, and load the partition boot sector. 
That’s right, the master boot only finds 
the actual boot record, which is conve- 
niently located at the first sector of the 
active disk partition. 

It is the partition boot record that 
recognizes which file system we’re run- 
ning (NTFS for example), loads the NT 
loader (NTLDR), and runs it. NTLDR 
switches the computer to the 32-bit 
memory model, starts a mini-file system, 
and reads a file named BOOTNI Vil 
discuss the BOOTLINI file in a bit, but 
for now just note that the BOOTINI file 
is a text file that lists boot options. As 
the user, we see the boot options listed 
on the screen, one of them highlighted, 
and a timer counting down until the 
highlighted option is booted. 

The NT boot is capable of booting 
multiple operating systems, such as MS- 
DOS, Windows 95, or OS/2. If Windows 
95 were loaded onto the machine, and 
NT then installed in a multiple boot 
configuration, the Windows 95 partition 
boot record would be copied into a file 
named BOOTSECT.DOS. If I were to 
select Windows 95 to boot, NTLDR 
would transfer control to the BOOT- 
SECT-DOS program. 

Back to NT. When an NT option is 
selected, NTLDR loads and runs 
NTDETECT: COM. As you can guess, this 
program is used to scan all hardware 
devices in your machine and to build a 
device list that will be copied into the 


NT Registry under the hardware key 
in the HKEY_LOCAL_MACHINE hive. 
You can tell when NTDETECT is run- 


ning since the screen will show 
NIDETECT V4.00 checking hardware. 


When it is finished, it returns the 
device list to NTLDR. 

After the hardware scan, NTLDR 
loads and runs the NT kernel, 
NTOSKRNL.EXE. This is the start of the 
actual NT operating system. The first 
thing NTOSKRNL does is to load the 
Hardware Abstraction Layer (HAL). 
The HAL is where much of the hard- 
ware isolation is contained, making the 
rest of the NT modules more portable. 
For example, HAL.DLLis different for 
multiple CPU processors. After the HAL 
is loaded, NTOSKRNL loads the Registry 
entries. The entries come from both 
the device list generated by NIDETECT, 
and from NT registry configuration 
backup files. 

Next NTOSKRNL loads the device 
drivers. This step can be noted by the 
single line of dots that are displayed one 
by one on the screen. After the drivers 
are loaded, the session manager 
(SMSS.EXE) is started. At this stage, the 
blue screen of birth (not to be confused 
with the Blue Screen of Death) appears 
with a top line reading 


Microsoft ® Windows NT Version 4.0 (Build 1381) 


One of the first programs SMSS exe- 
cutes is AUTOCHK.EXE, which scans the 
disk partitions and validates the file sys- 
tems, much as CHKDSK does. SMSS then 
sets up the paging file, pagefile.sys, for swap- 
ping. Then the subsystems are started; 
most notably this includes Win32, the 
default NT subsystem. 
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When the Win32 subsystem starts, it 
starts the windows logon program, WIN- 
LOGON.EXE. The windows logon pro- 
gram, in turn, starts the local security 
authority, LSASS.EXE. It is LSASS that 
displays the Ctrl-Alt-Delete logon dia- 
log box. 

The service controller, SCREG.EXE, 
is then started by SMSS. The SCREG starts 
each of the services designated for auto- 
matic startup, and in the order defined 
in the Registry. At this point the boot 
process is complete. After the first user 
logs on successfully, the current config- 
uration is copied to the LastKnownGood 
Registry entry for possible use on the 
next boot-up. 

Suppose we want to create a backup 
floppy diskette that can be used to boot 
our NT system should the boot records 
ever get corrupted. Using an NT system 
to format a floppy diskette and copying 
a few files onto the diskette can do this 
fairly simply. The files you will need to 


copy are NTLDR, BOOTLINI, NTDE- 
TECT.COM, and NTOSKRNL.EXE. If you 
are booting a SCSI disk, you'll also need 
the SCSI device driver NTBOOTDD.SYS. 
Each of these files can be found in the 
root boot directory of any Intel-base NT 
system, except for NTOSKRNL.EXE 
which is in the \winnt\system32\ directo- 
ry. The hidden attributes are turned on 
for these files, but unchecking the “Hide 
MS-DOS file extensions for registered 
file types” box under the Explorer’s 
View, Options selections, will make the 
files visible. Except for the BOOT-INI 
file, these files are the same for every 
Intel-based installation. 

It is the BOOTINI file that defines 
the operating system boot options avail- 
able. BOOT-INIis a text file that may be 
edited. (Note that you'll need to turn 
off the read-only attributes that are set 
on the file to be able to edit it with 
notepad or some other text editor. Or 
right-click on the My Computer icon, 
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windows nt 


select properties, and go to the Startup/Shutdown tab.) The 
file defines each operating system boot location, the default 
selection, and the timeout value. If the user doesn’t respond 
in the timeout value, the default system is booted. Here is 
what a typical BOOT.INI file looks like: 


[boot loader] 

timeout=30 

default=mul1ti (0) disk (0) rdisk(0)partition (1) \WINNT 

[operating systems] 

multi (0)disk(0)rdisk(0)partition (1) \WINNT="Windows NT V4.0” 

multi (0)disk(0)rdisk(0)partition (1) \WINNT="Windows NT V4.0 [VGA]” /basevideo 
C: \="MS-DOS” 


What this says is that the user is allowed 30 seconds to select 
the operating system, after which NT will be automatically 
booted. The three lines under the operating systems head- 
ing are selections presented to the user. 

The last line is the selection for booting MS-DOS. Recall that 
booting MS-DOS transfers the boot to BOOTSECT.DOS. 

The first two lines under the operating systems heading 
are defined in a device naming syntax that specifies where to 
find the boot record. The lines listed above are for a non- 
SCSI disk device. The portion multi(0) means use the first 
hardware adapter. The disk(0) portion will always be 0 for non- 
SCSI. The rdisk(0) portion selects the first disk on the adapter, 
drive 0. The partition(1) portion selects the first disk partition 
as the one to be booted. Note that the partition numbering 
starts from one (1), whereas the other portions start from 
zero (0). The \WINNT portion defines the root directory path 
of the operating system. The portion in quotes is the title dis- 
played to the user for selection by NTLDR. 

If we were booting from a SCSI device, the BOOTUNTI file 
line might appear as 


scsi (0)disk (0) rdisk(0)partition (1) \WINNT="Windows NT Server Version 4.0” 


where the rdisk(0) defines the SCSI device logical unit 
number. 

You can also put switches at the end of the operating systems 
lines. For example, note the /basevideo switch at the end of 
the second line under operating systems. This switch causes NT 
to start up using a standard VGA controller in 640x480 reso- 
lution. This is useful when you accidentally configure the sys- 
tem to a resolution that your graphics card doesn’t support. 
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Simply reboot the system selecting the second entry. The sys- 
tem will come up in a mode in which we can properly see the 
display, and we can then reload the correct display settings. 

Another useful switch is the /sos switch. This switch causes 
the drivers loading phase to list each of the drivers as they are 
being loaded. 

I’m sure everyone takes the advice of the installation process 
and creates an Emergency Repair Disk, but most of you prob- 
ably don’t create a boot disk for emergencies. The need for a 
boot disk becomes critical if you’re using mirrored drives and 
your primary should ever fail. It is next to impossible to boot 
the system from the shadow system disk without a properly 
created boot floppy. The shadow disk entry in the BOOT-INI 
file on the diskette might look something like 


multi (0)disk(0)rdisk(1)partition (1) \WINNT="Windows NT 4.0 Shadow” 


I usually set this as my default entry as well. That way I can 
insert the disk and just boot the system without any additional 
intervention if I have a crash of the primary. L 


Bob Combs is the Director of Systems Architecture at PCSI in Englewood, 
New Jersey, a company specializing in client-server technology. He is 
a Microsoft Certified Systems Engineer. 
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by Larry Headlund 


MUCH OF WHAT we now Call the 
Graphical User Interface (GUI) traces 
its origin through the Apple Lisa. The 
Apple Macintosh user interface today is 
a direct descendant. The popular per- 
ception of what a GUI is and how it 
works, particularly the Windows Icon 
Mouse Pointer (WIMP) paradigm, was 
derived from the Lisa and the Mac. Note 
that I said popular perception and 
through, not from. There was extensive 
litigation and debate about who 
invented what and with what inspiration 
and ownership rights. Certainly X, 
through Project Athena, begun in 1983, 
had a separate genesis and a different 
design philosophy. However, as GUIs 
evolved through the last decade and a 
half, the Apple interface and its users 
have been a pervasive influence. 

Recently interactions, a publication of 
the Association for Computing Machinery 
dedicated to human computer interac- 
tion issues, published some articles about 
the design history of the Lisa. The authors 
of the main article were members of the 
design team for the Lisa interface. Given 
the influence of the final result and the 
consequences of the design decisions 
made, it seems worthwhile to return to 
those thrilling days of yesteryear and 
examine the roads taken and why. 


When Did It All Start? 

The Lisa project was first proposed 
in late 1978 and begun more formally in 
the spring of 1979. The goal was a 
machine to propel Apple into the gen- 
eral business market. Consider the state 
of business computers in 1978. The over- 
whelming majority of business comput- 
ing was done on mainframes, with 
inroads from the minicomputer mar- 
ket. The basic operating system inter- 
face was a prompt. The wedge for 


business functions on PCs was through 
the spreadsheet. In particular, Visicalc 
on the Apple II was putting the PC on 
business desktops. However, dedicated 
word processors from Wang, Lanier, etc. 
were dominant on that desktop. UNIX 
was not, indeed could not be, sold com- 
mercially. It was in use outside of AT&T, 
mostly in universities but also at the odd 
non-academic site, for example the 
blood bank in Pittsburgh. No one 
expected a new employee off the street 
to be able to use their computer system. 

All this is not to say that no one had 
thought of any other possible comput- 
er interfaces. On the contrary, since at 
least the early 1970s there had been pro- 
posals and experiments with more 
adventurous modes. However, in the 
late 1970s there had been no commer- 
cial implementations of alternatives to 
the prompt and text-based programs. 
There had been few commercial uses 
of graphic screens outside of Computer 
Aided Design or other applications 
where graphics were essential. The idea 
of different interfaces had been pro- 
posed in the previous decade, by 
Englebart among others, and the Lisa 
designers were aware of this work, but 
there were no machines implementing 
these ideas widely available. This would 
change during the roughly five years of 
development of the Lisa, with the release 
of the Xerox Star, but the design team 
of the Lisa had essentially a blank slate, 
with no expectations from their target 
market and no installed base. 


Goals 

The design goal for the Lisa was a 
computer for general business use by 
secretaries, managers, and professionals 
that could be used without disrupting 
the office. It was to be fun to use and to 
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require minimal user training and “hand 
holding.” The fun-to-use part was most 
subjective, but the requirement for min- 
imal user training and hand holding had 
some immediate design consequences. 


Minimal user training mandated a 
standard user interface. A consistent set 
of commands for every application meant 
that the knowledge of one set of com- 
mands could be transferred to all appli- 
cations. This imperative can be enforced 
when there is a single source, a single 
organization obedient to the directive 
producing all the applications, but how 
can independently produced applica- 
tions be made to conform? The interac- 
tions article is concerned with the design 
process inside Apple and does not con- 
sider this issue. As it turned out, what 
became the Macintosh was famous for 
the consistency of its applications’ inter- 
faces. How did this happen? It was a result 
primarily of limitations in the memory 
and processing power of the original 
Macintosh! It was only practical to pro- 
duce applications for the Macintosh using 
the supplied components. Ignoring the 
style guide and creating applications from 
whole cloth, as was standard practice on 
other architectures, was prohibitively 
expensive in terms of computer 
resources, hence the path of least resis- 
tance was a consistent interface. 


Pros and Cons 

The decision for a consistent user 
interface was a decision, with viable alter- 
native philosophies and arguments pro 
and con. The X Window System explic- 
itly did not have a policy on user inter- 
faces. The layers above X, for example 
Motif and the CDE, determine user 
interfaces. Individual X applications 
have successfully mimicked Macintosh, 
MS Windows, and MS DOS applications. 


Continued on Page 70 
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The arguments for a consistent user 
interface seem obvious—how can they 
be argued against? Consider that a 
mode of operation consistent across all 
applications is probably optimal for 
none. An analog to this argument is the 
issue of specialized computer applica- 
tion languages versus general-purpose 
languages. Is it better to have efficient 
(by whatever measure) distinct lan- 
guages for text processing, process con- 
trol, numerical computation, graphic 
manipulation, and so on, or is it better 
to have a single language to learn, one 
that does all of the above but with hand- 
icaps in any particular field? PostScript 
and SQL argue on one side, Perl and 
the Korn Shell on the other. I have also 
had clients in specific fields, particularly 
heads-down order entry, argue against 
the use of standard interfaces when the 
price of those interfaces includes a 
decrease in operator speed (more key 
strokes) or*an increase in computing 
resources. User friendliness isn’t the only 
factor in human factors. 

A non-computer analog of the above 
question is found in the humble Swiss 
Army knife. I have one in my pocket 
now and never travel without it. It is con- 
venient to have all those tools together, 
compactly sharing a common handle. 
However, individually the tools are a 
little awkward. They are not the best 
adapted knife, screwdriver, file, or 
scissors to my hand. The best tools for all 
jobs may not be the best tool for any job. 

When the exact nature of the user 
interface is decided at the operating sys- 
tem and hardware design level, the deci- 
sions had better be correct because 
there may be no easy fixes. A familiar 
example of a bedeviling legacy is the 
decision to have essentially no security 
built into the operating system with MS- 
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DOS. The machinations and convolu- 
tions bedeviling Java applets in an 
attempt to layer needed security for dis- 
tributed applets are partially a conse- 
quence of that original design decision. 

Note also that ease of programming 
applications was not a design criterion. 
The end-user was the exclusive focus, 
not what would be easier for the devel- 
oper. Contrast this with the Lisp 
machines and the Smalltalk environ- 
ments, which were contemporary with 
the birth of the Lisa. These were devel- 
oper’s environments first. The Lisa/ 
Macintosh turned out to be a relatively 
developer friendly environment, but 
that appears to be serendipitous. 
Contrast also the NextStep environ- 
ment, in which making life easy for the 
developer was an early consideration, 
or MS Windows, on which few program 
directly, relying on foundation classes, 
programming environments, frame- 
works, etc., to shield the developer from 
the API proper. While there are tools 
like this for the X world, they are not 
the necessity here that they are in MS 
Windows. 


A Fable 

Since I mentioned NextStep, some 
heavy irony intrudes. NextStep came 
from Next Computer, the company 
Steve Jobs founded after leaving Apple. 
It is based on the Mach kernel from 
Carnegie-Mellon University in Pitts- 
burgh and the whole environment on 
Next would not have been possible with- 
out utilities from Richard Stallman’s 
Gnu Not Unix (GNU) project. Most dra- 
matically from a development stand- 
point, the NextStep Objective-C 
compiler was based on gcc from the Free 
Software Foundation and the enhance- 
ments the Next team added were 


released under the GNU General Public 
License (GPL). The gcc compiler is one 
of the two most popular FSF products 
(the other is the editor emacs) and both 
of these are strongly Richard Stallman’s 
handiwork. Since the GPL has never, to 
my knowledge, been tested in court, this 
observance of the GPL by a major cor- 
poration when it arguably was not in the 
corporation’s interest to do so is the 
strongest argument for the ultimate 
legal validity of the GPL. While this was 
going on, Apple sought to protect its 
shrinking market share against MS 
Windows by asserting intellectual prop- 
erty rights derived from the Lisa/ 
Macintosh interface. The implications 
of this assertion so alarmed and 
incensed Stallman and the FSF that for 
a decade Apple products have been the 
one platform that was explicitly not sup- 
ported for FSF products, that was 
boycotted. As this was going on, MS 
Windows came to dominate the com- 
mercial desktop. Desperate, in late 
1996 Apple brought Steve Jobs back 
and announced that their next gener- 
ation operating system would be based 
on the NextStep OS, the one with all 
the GNU history. 

There is probably a moral in the 
above story but damned if I know 
what it is. t 


Larry Headlund is the president of 
Mathematical Engineering, Inc., a UNIX 
and Motif development company. He has 
been working with commercial UNIX since 
1983 and with X since 1987. He can be 
reached at lnh@world.std.com or at 1 617- 
242-7741. 
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CSL Perspective 


ONE OF THE CHALLENGES system 
administrators on UNIX-based systems 
face is providing a rich computing envi- 
ronment for their end-users. Although 
many of us may be a bit selfish at times 
in wanting the system to empower us, 
applications and the systems they run 
on benefit us primarily as enablers for 
improving the business of our com- 
panies. It is these business goals that drive 
most of the buying decisions for hard- 
ware and software, as well as the way the 
system is deployed and how it is main- 
tained long-term. From time to time, 
requirements arise that cannot be met 
adequately with the software initially 
deployed, so many a system administra- 
tor turns to the freely available domain. 

Fortunately, the UNIX community 
has been working in this “open” fash- 
ion for some 20 years. The amount of 
software out there is immense, both in 
numbers of packages as well as in capa- 
bilities. Unfortunately, this is a double- 
edged sword because much of this 
software is distributed in a form that is 
neither easy to use nor easy to support. 
And in some cases, some background 
in software development is useful to get 
the most use out of the software. Let me 
illustrate with an example. 

Once I have identified a need for some 
capability or function, I then begin to work 
through a process something like this: 


1. Search the net for an appropriate 
package 

2. Download the software to the local 
system 

3. Unpackage the software into its 
components 

4. Read and understand the instal- 
lation instructions 

5. Install the software (including 
compiling the source, linking, and 


deploying the executables) 

6. Test the functionality to make sure 
it meets the requirements 

7. Deploy the package across the 
environment 

8. Notify and possibly train the users 

9. Figure out how to support the 
package long term 


If I am a fairly new administrator, this 
is going to be a tough problem to solve. 
I may not have the requisite experience 
to utilize the package effectively. I may 
also see some risk in even attempting it, 
and I’m eager to solve the problem for 
both the end-user as well as my man- 
agement. It may even drive me to spend 
my time looking for a commercial pack- 
age to use. Sound familiar? 

Many will agree that this is the current 
state of affairs in much of the UNIX mar- 
ketplace, and it is much truer of the HP 
user community than of almost any other. 
Many of those in the Sun camp essentially 
grew up with UNIX and have much of the 
skill base to deal with the effective deploy- 
ment of free software. In the HP camp, it’s 
a slightly different situation, primarily 
because of the success of HP’s Mainframe 
Alternative programs as well as their suc- 
cess in the commercial marketplace (some- 
what driven by the success of the HP 3000). 
This has translated into an influx of new 
users who have many generic skills such as 
system management or programming, but 
may feel very intimidated by the sometimes 
cryptic UNIX environment. As these indi- 
viduals look outside for software, they may 
feel helpless to take advantage of much of 
what is available. This has been an ongo- 
ing problem in the Interex and InterWorks 
libraries for several years. 

InterWorks and Interex, working 
together, have been moving forward on a 
project called FAST (Freely Available 
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HP 1000 Guru 


QQ? We keep hearing about all the 
“year 2000” problems that, according 


” 


to certain “experts,” are going to 
cause major chaos. How does the HP 
1000 handle the upcoming new 
millennium? What problems, if any, 


Can We expect to encounter? 


= First of all, the HP 1000 has no 
inherent problem with the year 2000. 
Over the years, several time-related 
problems have been corrected as they 
were encountered. What we will try to 
do here is describe what these 
problems were, what they affected, 
and when they were fixed. This is in 
no way a comprehensive list, and 
certainly there could be unknown 
problems with different subsystems. 
The focus of this column will be RTE- 
A, since RTE-6 has no official support 
beyond 1999. When possible, we will 
make comparisons to RTE-6. 

First some background on how time 
is managed in RTE-A. 

All A Series CPUs have a Time Base 
Generator that ‘ticks’ every 10 millisec- 
onds. These ‘ticks’ are accumulated in 
system entry point $TIME (and 
$TIME+1) as a double-integer. This 
value is then interpreted as the negative 
number of centiseconds until midnight. 

Entry point $TIME+2 is a second 
accumulator that counts the number of 
days since January 1, 1976. (In RTE-6, 
this is January 1, 1970) This value is then 
converted into the appropriate Day- 
month-year when needed. This theo- 
retically means the maximum year in 
RTE-A is 2065, or 2155 if we treat 
$TIME+2 as an unsigned integer. 

File system timestamps are stored as 
double-integer values in the file’s direc- 
tory entry. This double-integer number is 


the number of seconds since 1970. This 
is the same in both RTE-A and RTE-6, 
for compatibility. So the maximum year 
for a file’s timestamp is 2,147,483,647 
seconds/ (60*60*24*365) = approxi- 
mately 2037. 

File Manager and type 0 files, (which 
have no actual timestamps) will appear 
with a timestamp of January 1,1970 
when viewed by a program such as FST 
that stores timestamp. 

As you can see, the maximum year 
for RTE is different from the file sys- 
tem’s, because of the way the informa- 
tion is stored. And it should be apparent 
that this scheme has no inherent prob- 
lem when the year 2000 rolls around. 
The problems that have existed were 
caused by the interpretation of these 
numbers. And this inconsistency led to 
one of the problems we'll see later. 

Another date that appears in RTE-A 
is April 1, 1983. This is the release date 
of the original RTE-A (Previous versions 
of RTE-A were known as A.1) RTE-A 
introduced the hierarchical file system, 
CI, and Code and Data Separation (CDS, 
which was actually sold as a product sep- 
arate from RTE-A called VCPLUS). 
When an RTE-A system is booted, the 
default startup time is April 1, 1983. 

This date is placed in $TIME+2 by 
the RTE-A Generator program. Thus if 
one forgets to set the time on bootup, 
the clock starts at 12:00:00 AM on April 
I, 1983. 

(For RTE-6 this date is December 
1,1981. But sometime in the 1980s, this 
startup date was changed to be the 
current system time when the RTE-6 
generator was run.) 

So, what problems ‘thave been 
encountered? Actually, they are very few 
in number. We will list these in order of 
apparent severity (our choice!). 
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The library routine FTIME, which is called to return 
the formatted ASCII time, was broken for the year 2000 
and above. It was originally coded using 1900 as a 
hardcoded base. This caused FTIME to return the year 
as 19:0 for the year 2000, 19:1 for 2001, and so on. 

This was fixed in Release 5.0. If you are using a 
release prior to 5.0, the easiest workaround is simply to 
relink any programs that call FTIME, and relocate a 
later version of FTIME from $BIGLB. This can be done 
in link as follows: 


link: RM, /Newer_libraries/SBIGLB.LIB, FTIME 


This will relocate just the module FTIME. The version 
of $BIGLB can be anything up to 6.2. 
Prior to Release 6.2 of RTE-A, the time setting routine 
found in &TIME allowed the system time to be set to 
years up to 2144. Obviously, this was inconsistent with 
the file system max year. So as of 6.2, the TM command 
will allow years only from 1976 till 2037. Not normally a 
problem, since one wouldn't usually set the system time 
incorrectly. But if it is set incorrectly, it will cause FMP 
problems. 
Years beyond 2037 are not valid for FMP timestamps. If 
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the system time is set to a year beyond 2037, and a file is 
updated or created, certain masking functions will fail. 
Typical symptom: a DL will not find the file, yet EDIT 
or LI will display the file. 

The solution is (1) Don’t set the time incorrectly and 
(2) if you do, then reset the time correctly and copy the 
file to update the timestamp. 

While on the subject of masking: We have tested 

timestamps in masks and as of 6.2 have not discovered 
any problems using dates in the year 2000+ range. This 
is not to say that earlier releases did not have a 
problem; we just are not aware of any. 
There is a routine called DAYS70, contained in module 
&DLIB2, that failed for years 2000+. This routine is 
used only by MACRO, and thus should not be a major 
concern. 

This was fixed at Revision 6.2. 

Two PASCAL routines, PAS.TIMESTAMP and 
PAS.TIMESTRING, do not handle the year 2000 
correctly. This affects WH and LANVCP. 

This was fixed at Revision 6.2. 

EDIT/1000’s internal timestamp is also afflicted by a 
similar problem as FTIME above. It will display “:0” as 
the year for the year 2000 and so on. 
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This problem was fixed in EDIT itself at 6.2. 

7a. EDIT/1000’s internal timestamp feature displays only 2 
digits for the year. Thus starting in the year 2000, the 
timestamp will be <000101.000>. 

This will not be changed, due to possible adverse 
impact on existing code. 

8. Now we’re down to the really minor problems. The 6.0 
Programmer's Reference Manual states that SETTM has an 
upper limit of 1999. This is incorrect, as the limit was 
really 2144. Of course that limit was subsequently made 
2037 (at 6.2) to match FMP timestamps. 

Documentation was updated at Revision 6.1. 


And now a word about leap year. Everyone knows that 
leap year occurs every four years, when the year is divisible 
evenly by 4. Thus the year 2000 is a leap year by this simple 
rule. But there is a secondary leap year rule that if the year 
is divisible by 4 and by 100, then it is not a leap year. Thus 
1900 was not a leap year and it follows that 2000 should not 
be a leap year. Many people are not aware of the Divide-by- 
100 rule. And even fewer are aware of the Divide-by-400 
Rule: If the year is divisible by 400, then it is a leap year. 
This overrules the Divide-by-100 rule. Confused? Let’s do 
itin FORTRAN: 


if (mod(year,4).eq.0) then 
if (mod(year,100) .ne.0.or.mod(year,400).eq.0) then 
LeapYear = .TRUE. 
endif 


endif 


Other subsystems that have been tested to some degree 
include: 

FORTRAN—FORTRAN does not have intrinsic time/date 
routines. However, the date printed on the listings will roll to 
1900 after the year 2037. 

BASIC—Routines TIMEDAY and TIMESTRING have been 
tested in the year 2010. They worked fine. 

C—not tested yet. 

Image-II—Only has two date functions, DATE and EDATE, 
which both use a four-digit year and have been tested to 
December 31, 2037. 


It is our feeling that one of the largest impacts of the year 
2000 may involve custom or third-party application code that 
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uses only two digits for the year. Obviously, when the year 2000 
occurs the “number” will roll from 99 to 00 and all sorting 
using this number will fail when mixed with numbers before 
the year 2000. 


QQE Is any HP 1000 information available on the Web? 


As a matter of fact, yes. From the Hewlett-Packard Web 
Site, located at: 


hitp://www.hp.com/ 
You will find HP 1000 information located at: 
hitp://www.hp.com/computing/rte/ 

Also, we have implemented an e-mail Autoreply node, 
which contains various technical articles, including archives of 
past HP 1000 Guru columns. The address is: 
Rte_Support@hpwrcxe.mayfield. hp.com 

Just send a message with the word INDEX in the Subject. 


You will be sent an Autoreply with a list of articles available. Just 
follow the instructions. L 


Walt Boeninger works in the HP Response Center in Mountain View, 
California. He has been supporting the HP 1000 for 15 years. His 
e-mail address is: walt@hpwrcxe.may field. hp.com 


There's a place 
for people like you. 


_ an Interex member, you've already 
demonstrated an interest in HP technology and 


professional networking. Now you can go one better. 
Become an Interex Volunteer. 


As a Volunteer, you'll have even more opportunities 
to network with colleagues, improve your skills, and 
gain professional recognition. And whatever your 


area of expertise, there is an Interex committee that's 
right for you. 


a Volunteer ‘Today! 


interex Find out more by calling Gayle Crossley at 


Shared Knowledge. 1.800.INTEREX or e-mail us at crossley @interex.org. 
Shared Power. 


Interex Online 


http://www.interex.org/ 
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Continued From Page 16 
Usenet Indexing Engine 

Hummingbird Communications Ltd. 
has announced NewsWatch, a Windows 
NT-based server that automatically 
indexes Usénet feeds, allowing users to 
perform simple and complex queries 
through any Web browser. Designed to 
filter out user-specified information 
from thousands of Usenet articles post- 
ed daily, Hummingbird NewsWatch 
delivers user’s queries of the indexed 
database in customizable HTML pages 
or scheduled e-mail messages. 

The product automatically informs users 
when a topic of interest appears and enables 
them to go directly to the articles they need. 

NewsWatch requires Windows NT 
3.51 or later and 16 MB of RAM. It is 
priced at $995. 

Contact Hummingbird Com- 
munications, phone: (415) 917-7300, fax: 
(415) 917-7310, http://www.humming- 
bird.com. 


CD-ROM and Web Server 


Todd Enterprises has announced 
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OPTI-NET Direct HL-7, a complete CD- 
ROM and Web server. The 4.76 GB 
tower/server system (including OptiView 
Management software) is installed in a 
fully equipped seven-drive tower. It attach- 
es directly to an Ethernet network with- 
out any additional software or file server. 

OPTI-NET Direct provides shared 
CD-ROM access over the user’s Ethernet 
network. The product serves up CD- 
ROMs as mountable volumes to 
NetWare and NFS clients, and as Web 
pages to Internet/intranet clients. A 
built-in WWW server enables users to 
access the CDs using any Web browser. 

Contact Todd Enterprises, phone: 
(800) 445-8633 or (516) 777-8633, fax: 
(516) 777-2750, http://www.toddent.com. 


Electronic Commerce Solution 

St. Paul Software has announced the 
integration of their spEDI*tran prod- 
uct with DRA Classic, the Library 
Management System (LMS) from Data 
Research Associates (DRA). DRA’s LMS 
runs in Windows NT, UNIX, and Open 
VMS environments, and is networked 


to the Microsoft Windows NT Server 
running EDI translations through 
spEDI*tran. The new EDI capability will 
allow DRA’s 800 customers to automate 
the process of ordering and procure- 
ment for a seamless integration with 
their suppliers. 

Contact St. Paul Software, phone: 
(612) 603-4400, http://www/stpaulsoft- 
ware.com. 


New From Black & White Software 


Java Objects Across Internet 

Black & White Software has an- 
nounced Web/Enable, which employs 
object technology for Web application 
development. Web/Enable encom- 
passes Java and CORBA IIOP to provide 
an infrastructure for building or migrat- 
ing applications that function across the 
Internet and intranet. With Web/ 
Enable, servers can be created and reg- 
istered with the CORBA Object Request 
Broker (ORB) and then be accessed 
from within Web/Enable to easily create 
client applications or applets in Java or 
C++. 

The Web/Enable solution includes a 
graphical palette of Java components 
and tools for constructing clients and 
servers, automatically integrates GUI and 
three-tiered distribution based code, 
offers IDL development and CORBA 2.0 
conformant features, and facilitates the 
administration of deployed application 
across a network. Web/Enable contains 
OrbixWeb and also builds on UIM/X. 

Web/Enable is priced at $3,500. 


User Interface Management 
Black & White Software has an- 
nounced UIM/X 3.0, a new version of 


the user interface management system 
for CDE/Motif. New features include 


an embedded C++ interpreter, expand- 
ed support for true object-oriented 
development, and numerous usability 
enhancements. 

UIM/X is an interactive object-ori- 
ented tool, supporting encapsulation 
and polymorphism, as well as the spec- 
ification and implementation of class 
hierarchies. Developers can create, mod- 
ify, and test the layout and behavior of 
user interfaces with the underlying appli- 
cation connected and running, without 
having to compile code. In addition to 
the C++ interpreter, UIM/X 3.0 includes 
support for both graphical and non- 
graphical objects, a Connection Editor 
for visually creating callbacks, a com- 
plete C++ convenience library, a 
Constraint Editor for graphically defin- 
ing constraints on GUI elements, 
enhancements to Novice Mode, user 
interface improvements, and a Bubble 
Help system. 

Pricing for the UIM/X 3.0 is $5,000. 

Contact Black & White Software, 
phone: (408) 369-7400, fax: (408) 369- 
7406, e-mail: info@blackwhite.com, 
http:/ /www.blackwhite.com. 


Web-based Electronic Commerce 

ParcPlace-Digitalk, Inc. have an- 
nounced HP certification of VisualWave 
2.0 for use with HP’s VirtualVault software. 
Together, the products will allow compa- 
nies to rapidly deploy secure electronic- 
commerce solutions across the Web. 

As a complete object-oriented devel- 
opment environment for both client- 
server intranets and the Web, 
VisualWave allows corporations either 
to reuse existing client-server applica- 
tions or develop new ones and then 
deploy those applications directly on 
the Web. HP’s VirtualVault software 
ensures end-to-end integrity of all inter- 


Make the UNIX to MPE Connection 


IX/92° 


Full featured HP terminal emulation 


New! Version 6 


Faster File Transfer 
NS/VT Network Option 
Enhanced Script Language 


Available for: 


HP-UX Interactive UNIX SCOUNIX SunOS/Solaris 
Software Licensing Corp., Suite 280, 930 Tahoe Blvd. Unit #802 
Incline Village, NV 89451-9436 


Phone: (800) 831-0882 or (702) 832-0881 Fax: (702) 832-0883 
All trademarks are the property of their respective holders. 
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Do You Know Where Your Security Holes Are? 
Find Them with SecurityAudit/UX! 


Have You Heard that UNIX is Notorious for Its Lack of Security Features? 
Do You Know Where to Check to See if Your HP-UX System is Secure? 
Do You Have the Time to Do This Checking Regularly? 

Use SecurityAudit/UX To Do It All! 


EVEN IF YOUR SYSTEM IS SET UP CORRECTLY (AND HOW WOULD YOU KNOW IF IT WAS?) AND HAS NO SECURITY LOOPHOLES, IT CAN 
BE VERY DIFFICULT TO MONITOR SYSTEM CHANGES, AND TO ENSURE THAT SECURITY ISN’T COMPROMISED. THE MAGNITUDE OF THE 
PROBLEM INCREASES AS THE TOTAL NUMBER OF USERS CONFIGURED AND THE TOTAL NUMBER OF FILES GROWS. IT’S EASY FOR 
ORDINARY USERS TO CHANGE THE SECURITY OF THEIR OWN FILES TO ALLOW OTHERS TO ACCESS THE CONTENTS. A LOOPHOLE LEFT 
BEHIND INADVERTENTLY OR ON PURPOSE MAY BE EXPLOITED BY A DISGRUNTLED EMPLOYEE OR A HACKER TO BREAK SYSTEM 
SECURITY, SOMETIMES MUCH LATER. 


SecurityAudit/UX PRODUCES OVER 40 REPORTS, CONTAINING DETAILED INFORMATION ON THE FOLLOWING CLASSES OF 
PROBLEMS: 

* User and Group-related problems, including weak passwords and non-unique identification numbers. 

° File-system related problems, including historical tracking of files and detection of potential Trojan horses. 

¢ PDF-related security problems, extended to detect changes in ACL specifications. 

* Logging subsystems status display, and logfile analysis. 

¢ Network-related status display and configuration weaknesses. 


SecurityAudit /UX RUNS ON ALL HP-UX BASED 9000 SERIES 700 AND 800 SYSTEMS, AND HAS BEEN SPECIFICALLY TAILORED TO 
ADDRESS PECULIARITIES OF HP-UX, SUCH AS PDF, ACL AND HP’S SHADOW PASSWORDS. 


Call EUGENE VOLOKH for more info! 


Purveyors of Fine HP Software 


1135 S. Beverly Drive 
Los Angeles, CA 90035 U.S.A. 


Since 1980 FAX (310) 785-9566 
(310) 282-0420 
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Graphical Spreadsheet 


X Engineering Software Systems (XESS) has announced the 
NExsS 1.3 spreadsheet for Linux and UNIX workstations. 

NExS—the Network Extensible Spreadsheet—is a full-fea- 
tured, graphical spreadsheet developed specifically for UNIX 
and the X Window System. It has more than 237 builtin business 
and scientific functions, allows user-customized functions, dis- 
plays data using 2- and 3-dimensional graphs, and imports and 
exports data in a wide variety of formats (including HTML tables). 

In addition, the conNExions API gives external processes 
complete control of NExS spreadsheets. For example, the API 
lets a remote data acquisition program transfer data over the 
Internet to the NExS spreadsheet for real-time updates. NExS can 
also control the data-feed by communicating back to the remote 


iew Format Tools Options Graph Connections 
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sides 


200 built-in functions 

32,767 x 4,096 cells 

2D and 3D graphics 

Cut-and-paste with X applications 


Imports WKS, WK1, XS, TSV, CSV, Text files 


process through the API. The conNExions API supports up to 
63 of these simultaneous, two-way connections. 
Pricing starts at $149. Demonstration copies may be downloaded from hitp://www.xess.com. 


Contact XESS, phone: (800) 961-7840 or (919) 387-0076, fax: (919) 387-1302. 


nal and external electronic commerce 
transactions. 

Contact ParcPlace-Digitalk, phone: 
(800) 759-7272 or (408) 481-9090, fax: 
(408) 481-9095, http:// www.parc- 
place.com. Contact Hewlett-Packard at 
http://www.hp.com/go/internet. 


Finite Element Analysis 

Structural Research & Analysis 
Corporation has announced COS- 
MOS/FFE for MSC/NASTRAN and 
COSMOS/FFE for ANSYS, which allows 
users of the two legacy finite element 
analysis programs to model and post- 
process their problems in the usual man- 
ner with NASTRAN or ANSYS but to 
solve them much faster with COS- 
MOS/FFE. 

SRAC’s proprietary FFE is a new 
analysis technology that provides 
answers to complex problems up to 100 
times faster than conventional FEA pro- 
grams, while reducing disk storage 
requirements by more than 20 times. 
Equipped with built-in expert system 
features, FFE automatically chooses the 
most efficient way to solve problems and 
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use existing resources. FFE also evalu- 
ates available computer resources and 
will prompt users before they start if they 
don’t have enough disk space to run the 
model. FFE can even warn users if a 
model has not been set up properly. 
COSMOS/FFE for NASTRAN and 
COSMOS/FFE for ANSYS are available 
for UNIX platforms only, for $10,000 each. 
Contact SRAC, phone: (310) 207- 
2800, http://www.cosmosm.com. 


Standardized Persistent 
Collections 

Object Design, Inc. and ObjectSpace, 
Inc. have announced two new Object 
Managers for use with Object Design 
ObjectStore database and ObjectStore 
PSE products. Object Design and 
ObjectSpace integrated the JGL and 
STL libraries with ObjectStore in order 
to provide users with full collection sup- 
port for persistent Java and C++ objects. 
Developers can build ObjectStore-based 
applications with cost-effective, reusable 
persistent object collections. 

The new Object Managers result 
from the integration of ObjectSpace’s 


Exports XS3, TSV, CSV, text, LaTeX, HTML files & 
Motif compliant GUI 

Past recalculation 

Complete on-line help 


C language operator set @ 

Tel /Tk scripting 

63 real-time data links 
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Java Generic Library (JGL) and 
ANSI/ISO C++ Standard Template 
Library (STL) with ObjectStore. 

The ObjectSpace JGL Object Man- 
ager is available for free download 
from the Object Design Web site at 
http://www.odt.com. 

The ObjectSpace STL Object 
Manager is available free to ObjectSpace 
C++ Library customers as part of an 
annual support service. 

Contact Object Design, phone: (617) 
674-5162, or ObjectSpace, phone: (214) 
823-8242. 


Performance and Capacity 
Management 

BGS Systems, Inc. has announced 
BEST/1 Performance Assurance for 
SAP R/3, an integrated performance 
and capacity management tool, with ini- 
tial availability for UNIX environments. 
It is designed to allow IT professionals to 
manage performance and capacity for 
SAP R/3 application modiles, such as 
Sales & Distribution, Human Resources, 
Production Planning, or Materials 
Management. 


BEST/1 for SAP R/3 analyzes UNIX 
and SAP R/3 CCMS data and provides 
unique automating capabilities, including 
application and database server perfor- 
mance management; state-of-the-system 
SAP resource usage yesterday, today, and 
tomorrow; and SAP R/3 capacity planning 
with “what-if” performance modeling. 

BEST/1 Performance Assurance for 
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3630A PaintJet 
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DesignJet 650C Plotter 
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C2440HA/JA 
C3232A 
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SAP R/3 can analyze, track, and man- 
age the data by multiple differing views 
of the total SAP R/3 workload. 
Pricing starts at less than $50,000. 
Contact BGS Systems, phone: (617) 
891-0000, fax: (617) 890-0000, e-mail: 
bestl1@bgs.com. 
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Customer Service Application 

Hewlett-Packard and Information 
Management Associates (IMA) have 
announced the integration of HP’s 
Customer Contact Manager middle- 
ware with IMA’s EDGE TeleBusiness 
Software System. 

Users can now build industry-tailored 
EDGE customer-service applications and 
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Large Databases Require —~ 
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New Solutions for Backup !!!!! 


Backup 4 to 8 Gigabytes/Hour/Drive 


FINALLY! Store 20 to 40 Gigabytes/Tape 
Random Libraries from 5 to 264 Cartridges 


execute standard computer-telephony- 
integration functions from within these 
applications, such as dial, call-transfer, 
and call-conference. Customer Contact 
Manager will carry out these actions by 
bridging the applications to a broad 
range of automatic call distributors, tele- 
phone switches, and voice response units. 

The EDGE TeleBusiness Software 
System enables organizations to develop 


oe 
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oa 


customized customer-interaction appli- 
cations to support telesales, telemarket- 
ing, and customer-service operations. : 

Customer Contact Manager manages | Dallastone also sells and supports all major brands — 


and integrates customer communications Quantum, Breece Hill, ADIC and Odetics 


with customer-service applications and DALLASTONE Phone 603-647-8168 
databases, addressing computer tele- a, 2 Cote Lane Fax 603-624-2466 
phony integration, as well as support for Bedford, NH 03110 Email dtool@delphi.com 


Internet, fax, and e-mail communications. . x oo uo 
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Contact IMA, phone: (203) 925-6800, 
fax: (203) 925-1170, http://www.ima- 
inc.com. 


Server Extension Software 

Ready-To-Run Software (RTR) has 
announced Microsoft FrontPage Server 
Extensions for a wide range of UNIX 
Web servers, enabling organizations to 
host Web sites created and managed 
with Microsoft FrontPage. 

Under an agreement with Microsoft, 
Ready-To-Run Software will assist in pro- 
viding support for the FrontPage serv- 
er extensions, including porting the 
extensions to new platforms, making 
the extensions widely available via the 
Internet (hitp://www.rtrcom/fpsup- 
port/download.htm) and providing phone 
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and e-mail support. 
UNIX-based Internet 
Providers can now offer customers all 
the advantages that FrontPage, togeth- 
er with the extensions, provide—remote 


Service 


authoring, remote site management, 
and WebBot components. The latter 
enables nonprogrammers to create pro- 
fessional-quality Web sites by simply 
“dropping” into their Web sites dynam- 
ic features such as full-text search, 
threaded discussion groups, and regis- 
tration forms. 

Contact RTR, phone: (508) 692-9922, 
fax: (508) 692-9990, http://www.rtr.com. 


Scaleable High Availability 
APCON, Inc. has introduced Power- 
Switch/NT, a flexible alternative to redun- 


dant server systems with their costly over- 
head. PowerSwitch/NT installs using 
Microsoft Windows NT Server or 
Workstation and supports any combina- 
tion of servers, disk drives, duplexed or 
mirrored arrays, RAIDs, and peripherals. 

PowerSwitch/NT supports up to 16 
servers. In the event of a server failure, 
PowerSwitch/NT reconfigures the oper- 
ating system to a secondary server in 
moments, ensuring full data availabili- 
ty. Users have nearly immediate access to 
a fully functional network, complete with 
original up-to-date data. The network 
servers stay up and running, even when 
the system administrator is off site. The 
secondary server can operate the net- 
work when necessary. 

PowerSwitch/NT is priced at $995 
and supports 16 servers; it is available 
off the shelf. An evaluation copy can be 
downloaded at hitp://www.apcon.com. 

Contact APCON, phone: (503) 639- 
6700, fax: (503) 639-6740. 


SNMP Management for Novell 
NetWare 

Translink Software has introduced 
Event Director (or EventD), a new 
client-server-based agent that extends 
any network management system that 
uses the industry-standard protocol 
SNMP, including allowing users to over- 
see Novell NetWare servers. 

EventD is an early warning system 
against poor performance or diminish- 
ing resources. The agent enables users to 
monitor and manage their Novell 
NetWare network with other elements of 
the network in an integrated manage- 
ment environment, all from one console. 

The self-managing systém can iden- 
tify potential disasters and audit network 
activity. All is shown at the management 
station as it happens, enabling users to 


be proactive on security issues. Users 
can decide which events to monitor and 
when to be told about them. 
Translink Software, 
phone/fax: (+44) 1753 715872 
(U.K.), http://www.translink.com. 


Contact 


Tape Management 

Alida, Inc. has announced that its 
network-based backup, restore, and tape 
management software, GT Backup, has 
been enhanced so users can employ a 
command-line interface to execute all 
GT Backup commands throughout a 
network from any remote or local PC 
or terminal. 

By employing a command line setup 
to establish a “cron entry,” GT Backup 
users ensure the complete and timely 
execution of each and every job. From 
any network location, this entry will 
instruct GT Backup to check availabili- 
ty of drives and check that the correct 
tapes are in specified drives—eliminat- 
ing the most common cause of backup 
and restore failures. Times and dates 
for these commands may also be prese- 
lected and are executed automatically 
throughout the network. 

GT Backup runs in a client-server 
environment on UNIX platforms. 

It is priced at $595 for a single-user 
license, with multistation network dis- 
counts. 

Contact Alida, phone: (800) 883- 
GURU or (201) 384-0080, fax: (201) 
384-3382, http://main.street.net/alida. 


Stereoscopic 3D Visualization 
StereoGraphics and EDS Unigraphics 
have announced Unigraphics’ V12 
design and modeling software with built- 
in support for StereoGraphics 
CrystalEyes stereoscopic 3D eyewear. 


The combination of StereoGraphics 
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Hewlett-Packard... 


ORERUG is the INTEREX-affiliated 
users group for all Hewlett-Packard 
system users in the Pacific Northwest. 
ORERUG sponsors conferences, 
seminars, monthly meetings, and 
a bimonthly newsletter. 

For more information, visit 
http://www.orerug.org 


Oregon Regional Users Group, Inc. 


ORERUG Annual Summer Conference 
“Developing a World Wide Presence: Business Beyond 2000” 
June 19-21, 1997 
Salishan Resort on the Oregon Coast 


Vendor Contact: 
Jennifer Omner 
(503)690-2438 
jomner @teleport.com 


President: 
Art Bahrs 
(503)220-8333 
bahrsa@ ohsu.edu 


Registration Contact: 
Madeleine Drake 
(503)241-3595 

mmdrake @telestream.com 
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CrystalEyes and Unigraphics V12 will 
speed up the 3D design process and pro- 
vide virtual prototyping capabilities to 
all Unigraphics users. 

CrystalKyes is a lightweight, wireless eye- 
wear system that delivers high-definition, 
stereoscopic 3D images in conjunction 
with compatible software and standard 
workstation displays. It allows profession- 
als dealing with multi-dimensional data 
to visualize problems and analyze infor- 
mation more quickly and effectively. 

CrystalEyes is priced at $995, includ- 
ing infrared emitter. 

Contact StereoGraphics, phone: 
(800) 783-2660 or (415) 459-4500, fax: 
(415) 459-3020, http://www.stereo- 
graphics.com. 


Network Data Collector 
Onion Peel Software has announced 


a new Network Data Collector (NDC) 
for HP OpenView. NDC gives network 
managers a tool for intelligent data col- 


lection and reporting. Its collection sys- 


tem reduces traffic and streamlines col- 
lections and generates batch jobs 
through the command line. Comma- 
separated format makes it easy to cre- 
ate spreadsheets or graphs. NDC is 
based on selection rules and MIB 
expressions with basic reporting skills 
such as an SQL-like command language 
that allows simple text files to collect 
data and build reports. 

Contact Onion Peel Software, phone: 
(919) 571-7910, fax: (919) 571-8338, e-mail: 
sales@ops.com, http://www.ops.com/. 


New from Hewlett-Packard 


Pre-Loading SAP R/3 

Hewlett-Packard has introduced a ser- 
vice for preloading, preconfiguring, and 
pretesting SAP/R3 solutions prior to deliv- 
ery to customer sites. HP is the only SAP 
partner to offer this service for HP-UX, 
Microsoft Windows NT, or mixed HP- 
UX/Windows NT system environments. 

The new service allows HP customers 
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to reduce on-site installation time and 
minimize disruption to core business 
activities since the actual preloading 
activities are conducted by HP techni- 
cians at a central HP facility. 

As part of this service, HP delivers to 
the customer a preintegrated solution, 
including R/3 and database software, 
HP 9000 business servers or HP 
NetServer PC servers, and other solu- 
tion components. The HP facility han- 
dles the complex logistics of delivering 
the new system to customer sites, includ- 
ing multiple deliveries in one country 
or several countries around the world. 

This service also is available to cus- 
tomers who order through HP partners 
that act as the prime contractors for R/3 
implementations. 


HP and Oracle Joint Technology 
Hewlett-Packard 
Corporation are increasing joint tech- 


and Oracle 


nology development and integration 
efforts. The companies are working on 
an open, networked computing envi- 
ronment targeted for IA-64, Intel’s 
future 64-bit processor that was devel- 
oped jointly by HP and Intel. 

The partnership is expected to pro- 
duce mission-critical solutions capable of 
performing billions of transactions per 
week, per system to support global, net- 
worked enterprises. 


Attention vendors: New product announce- 
ments should be sent to New Products Editor, 
hp-ux/usr magazine, Interex, P.O. Box 
3439, Sunnyvale, California 94088-3439, 
USA, or e-mail: pollace@interex. org. 

Deadline for submission is 2!/2 months 
prior to publication. 


3 
= 
interex 


Shared Knowledge. 
Shared Power. 


The International 
Association of 
Hewlett-Packard 
Computing 


Professionals 


Membership Levels 


associate level 
includes the following services/benefits: 


M Subscription to either: 
hpeux/usr magazine — 
includes companion Product Directory 
Interact magazine — 
includes companion Product Directory 
M@ Member rates for Interex Conferences 
M Read-only access to Interex Online library 


@ Membership in your local Regional User Group 
(RUG) at RUG membership rate 


Service Package 


I'd Like to Join Interex 


Choose one of the following 


@ membership levels & 
service package 
Associate Level, $49.50* 


Package $595.00* 


All membership and service pack- 
ages are based on an annual fee. 


Package subscribers, please 
choose the following: 


@ preferred software 


format and operating 
system for the annual 


tape release 
|_| 1600 BPI Magnetic Tape 
6250 Magnetic Tape 


|] DAT 4mm 


Please read and sign the following disclaimer: | am applying for services with 
Interex. | understand that no funds will be returned after any Contributed Software 
Library (CSL) tapes/disks have been shipped or downloaded from Interex. | agree 
not to distribute software to any unauthorized users or use software received 
through Interex on more than one system at a time. | understand that this agree- 
ment stays in force even after my services expire or are terminated. 


Contact the Membership Department for pricing of the Right-to-Copy 
License for multiple machine usage 


Signature 


Date / | eae 


Contributing Level, $115.00* 
Contributing Level Plus Online 


online service package 


includes ALL the benefits of Contributing Level plus: 


@ Software Access—unlimited downloads 
from entire library of HP-UX, MPE, and RTE 
programs (containing over 4,800 programs). 
Includes one free tape of current Interex 
Annual Release in the operating system of 
your choice. Custom tapes from software library 
are also available. 


(Check one of the following) 


and Service Package 


@ contributing level 
includes the following services/benefits: 


Subscription to BOTH: 
hpeux/usr magazine — 

includes companion Product Directory 
Interact magazine — 

includes companion Product Directory 


Subscription to InterexPress, monthly news 
publication 


E-Mail account through Interex (includes read-only 
access to Interex Online library) 


Access to Special Interest Groups (SIGs) 
Member rates for Interex Conferences 


Membership in your Regional User Group (RUG) 
at RUG membership rate 


Voting Privileges for Board Elections and Advocacy 
Surveys (i.e., system improvement surveys) 


Information Access—full text search 

and downloading capabilities for all Interex 
publications including: hp-ux/usr, Interact, 
Vendor Resource Directories, product news and 
announcements, and Conference Proceedings 
abstracts. 


Member Access—member directory. Find 
members with similar interests. Plus access to the 
Who’s Who guide of Interex staff, volunteers, 
and HP liaisons. 


Online services are continually upgraded and modified; 


services are subject to change without notice. 


Order Form 


@ mailing address (attach business card here) 


HP-UX MPE/ix earne 
MPE V RTE 
M@ member directory _ job title company 
Please include me in the member 
directory. address 
L] Yes No - 
Please initial: city/state/zip/country 
@ service agreement 
lf you relocate, should services telephone/extension 
transfer with you? 
Yes No fax e-mail 
Please initial: @ payment options 
@ mailing list Bill me |_] Check enclosed, payable to Interex 
Would you like to receive mailings Purchase order endiosad POS 
about other computer-related ven- 
dors’ products and services? (purchase order accepted for invoicing purposes only) 
Yes [{_]No Please charge my: Visa [|] MasterCard AmEx 


|_| Linus Cartridge Tape (CS-80) 


credit card number / expiration date 


of $49.50. 


signature 


Foreign currency accepted BUT 
payment must be equivalent of 
U.S. currency. Each publication 
has an annual subscription value 


NOTE: Services do not begin 
until payment is received. 


*Canada & Mexico add $25 and all 
other countries outside the U.S. 
add $50 for additional postage. 


Total payment enclosed $ 


@ send form and payment to: 
Interex, P.O. Box 3439, 
Sunnyvale, CA 94088-3439, USA; 
fax: 408 747-0947 
phone: 800.INTEREX, 408.747.0227 
e-mail: membership@interex.org 


CompuServe: 76376,1222 
http://www. interex.org 


Sign up NOW for Fall 1997 Listings 


hp-ux/resource directory 


The hp-ux/resource directory is a complete resource guide for HP-UX users seeking answers. This is one of the 
industry's most extensive reference guides for HP-UX products, services, and vendors. It will be devoted entirely to 
HP 9000 users operating in multi-user, workstation, and multi-system UNIX environments. This bi-annual directory, 
published each year in March and September, is a separate publication mailed out with hp-ux/usr magazine, the only 
HP-specific publication on the market. 

Added BONUS: your message will reach your customers for one full year on the Internet. Look for the directory on the 
Interex home page http://www.interex.org. The investment for a full year listing in the hp-ux/resource directory is $475. 


Propuct CATEGORIES 


Accounting 

Accounting Software 
Alphanumeric Paging Software 
Application Development Software 
Application Development Tools 
Application Development Tools/4GL 
Application Engineering 
Backup/Restore 

Backup Software 

Bar Code Data Collection Systems 
Batch Job Management 

Books 


Business-Critical Application Development & 


Deployment 
Business Software 
CD-R 
CAD Software / Hardware 
Change Management for Software 

Development 
Change Management Tools 
CheckPoint Restart Facility 
Client-Server 
Client-Server Software 
Communigations 
Communications Servers 
Communications Software 
Consulting 
Consulting/Systems Integration 
Customer Support 
Customer Support/Help Desk Systems 
Database Management Systems 
Database Management Tools 
Data Center Management 
Data Migration Tool 
Data Warehousing 
Decision Support Systems 
Diagramming & Flowcharting 
Disaster Recovery 
Distributed Computing 
Distribution Software 
Distributor 
Document Management 
Electronic Data Interchange (EDI) 
Electronic Form Printing 
E-Mail & Directory Integration 
End-User Access Tools 
End-User Computing 
Equipment 
Executive Information Systems 
Facility Maintenance Software 
Fax Automation 
Fax Software 
File Manager Utility 
Financial 


Forestry 

Fourth Generation Language 
GIS (Geographic Information System) 
Government & Utility Software 
Graphics 

Groupware 

Hardware 

Hardware/ Mass Storage 
Hardware Subsystems 

Help Desk Management 
Human Resources & Personnel Systems 
Image Processing 

Image Storage & Retrieval Management 
Industrial Terminals 

Input Devices 

Instrument Control 
Integration Tools 

Internet 

Internet Commerce 

Internet/ Intranet 

Internet Services 

Internet Solutions 

Inventory Control 

I/O Boards 

Job Scheduling & Workload Management 
Justice Software 

Laser Printing Software 
Maintenance 

Manufacturing Software 

Mass Storage 

Mass Storage Peripherals 

Math Library 

Memory 

Memory Upgrades 
Middleware 

Migration Services 

Migration Services/Tools 
Migration Tools 

Modular Mass Storage 
Multimedia 

Network Backup Software 
Networking 

Networking Systems 

Network Management 

Output Management 

Payroll 

PC Card Reader 

PC Compatibility 

PC Integration 

Performance 

Performance Software 
Personal Information Manager 
Personnel Management 
Pointing Devices 


Power Protection & Conditioning 
Print Management 

Print Management Software 
Process Control Software 
Production Planning 

Project Management 
Programmer’s Editor 

Protocol Converters/Interfaces-Hardware 
Publications 

Public Safety Software 

Quality Assurance Tools 

Records Management 

Rentals 

Report Viewing, Printing, & Distribution 
Report Writers 

Sales & Marketing 

Scheduling 

Scheduling/Task Management 
Security 

Service Repairs 

Software 

Software Backup 

Software Development Tools 
Software Distribution Tools 
Software Maintenance & Testing 
Spoolers 

Spreadsheets 

Statistics/Data Analysis 

System Integration 

System Management 

System Management Tools 
System Printers 

3-D Graphics Tool Kit 

3-D Porting Tool 

Tape Backup Products 

Tape Storage/Data Interchange 


Technical Documentation /Cross-Referencing 


Terminals 

Terminal Emulation 

Text & Information Retrieval 

Text Editors 

Time & Billing 

Time Reporting Terminals 

Training ‘ 
User Groups 

Video/ Keyboard/Mouse Extension 
Warehouse & Distribution Management 
Workstations 


Other categories may be created as needed. 


—_ hp-ux/resource 


Scum directo ry 
Fall 1997 Listing Form 


FIRST EACH LISTING 
LISTING THEREAFTER TOTAL 
‘| Listing (includes two issues) $475 $375 $ 
(] Hyperlink to your home page $500 $150 $ 
“| $1.00 Per Word Over 75 Words $ 
_] Company Product Logo or Photo $100 $ 50 $ 
[] Cross Reference $200 $200 $ 
Total $ 

Extended Final Closing Date: Monday, May 19, 1997 
1, 

Category Product Name 
2. 

Category Product Name 
a. 

Category Product Name 
4. 

Category Product Name 
5. 

Category Product Name 


Product Description 
Please attach product description. Be sure to include product name and operating environment. 
Note: There is a $1.00 per word charge for each listing over 75 words. 


Company Name 


Address 

City State Zip 
Telephone Fax 

Web URL E-mail: 


Authorization: 


Signature Print Name 
Title Date 
NOTES: INTER-OFFICE USE ONLY: 


Listing: 
New Renew 


Logo: 


New Renew 


Photo: 
_| New Renew 
Link 


Please mail or fax completed form and listings to: |nterex, 1192 Borregas Avenue, Sunnyvale, CA 94088, U.S.A., 
Attention: Kathie Schwartz, 800.468.3739, ext. 620, 408.747.0227, Fax 408.747.0947, E-mail: schwartz@interex.org. 


PAYMENT OR PURCHASE ORDER MUST ACCOMPANY ALL ORDERS 


' j 
Adve rise [ S | fl ( EX Please call or fill out adjacent card for further product information. 


READER 

SERVICE 

NUMBER ADVERTISER PAGE # 

3 AMC Compiiter Services: 3s sissies sscscensscccccnesacsncceee chien 83 
(508) 670-9395/Fax (508) 670-9327 

2 Attachmiate: | sissies cctwaresissavcncsasiactiaesciasthessceneees aM C4 
(800) 426-6283 or (206) 644-4010 

4 BOGNG cscs dacscsnisecauiinns svmneines stmmermscagamenseswasee seem 61 
(800) 237-4641 or (408) 364-6500 

24 Centon Electronics: oic.ccisessccssccecassscceviegosesieeesneeseciiell 4 
(800) 836-1986 or (714) 855-9111 

155,156 Computer Solutions ...........cccccccccccesceeesecececeeeeeees 27,75 
(407) 649-0123 or (512) 343-6634 

37 Got lte ants 5:5 ia ansseisss:s:e:erassinsarsrs:c:ssorasacqroie s eis ecajasardieg Sin ereiarbinws siarecnie and a 65 
(800) 780-2838 or email: info@confluent.com 

140 CSU WMGUstrieS, Tne: asisisnssccnccessssnecrsvasewseawase saweae aes 57 
(516) 239-4310/Fax: (516) 239-8374 

76 Dall AaStONG oes scien scdisaicies cee satan neesdeneeess oseaisieeesscweest 81 
(603) 647-8168/Fax: (603) 624-2466 

44 Design 3000 Plus, Inc. .......s..ssscesssescecceecceeccessceasens 31 
(503) 585-0512/ Fax: (503) 585-1706 

51 ENCINAUGD: "yisissieinrdisrnse's vaxteindarseoienmarsenanwues asenuaunescae 71 
(702) 831-5595/Fax: (702) 831-4979 

52 INOtECD % seeds csiccaiacsaacunnea sa sielonestiaanseeeesenaeee sence te 73 
(800) 446-8324 or (703) 641-0469 

171 I/O Data Systems, Inc. o...cscccesvecesssacacescssaanens sosietale 63 
(216) 835-2211/Fax: (216) 835-0220 

58,62 Lund Performance Solutions ..............ccceeccseccceccees C-3,13 
(541) 926-3800/Fax: (541) 926-7723 

96 MinisOft, IiGs cisiecianscaie aan camsecwsieseanciecsleet easewesieean teem 2 
(800) 682-0200/Fax: (360) 568-2923 

7 Monterey Bay Communications ..............cccceeeeeeeeeeeeees 1 


(408) 429-6144/Fax: (408) 429-1918 
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READER 
SERVICE 
NUMBER 


re 


91 


73 


124 


180 


168 


166 


163 


123 


78 


49 


40 


127 


132 


ADVERTISER PAGE # 
CORB SOLWAE 6s ccnneecevsiisisinws evececnssersusienescsanencenn 59 
(800) 89ORBIT or (510) 837-4143 
Personal Productivity Toolsisscsc0scscccsacrsevvesccesseseec oie 73 
(415) 917-7000/Fax: (415) 917-7010 
Robelle Consulting Ltd............ 0. cece cece cece eee e ee eeees 69 
(888) 762-3553 or (604) 582-1700 
Sb. Patel SORWAPC ii siievecs ieccisensccannsincesscanacnens sansa 21 
(612) 603-4400/Fax: (612) 603-4403 
software Licensing Corp. ..cs0ccsecessnesscesesescscensssasnckhae 79 
(800) 831-0882 or (702) 832-0881 
PONT JOCAS casmincescsanciensiedienes saqubnnte seameayeei scene 33 
(800) 633-5250 or (717) 688-9511 
SUGIQUEINE sicscanisscassnnscdesronerss vimanweresonumerecessec 17 
(800) 458-1273/Fax: (206) 865-8314 
SYUUAR csisivesotanss santas tssawanesessuweaness sec neceumieen mm 7 
(206) 838-2626 
TREE SOTWANE scciesinenestnsvedeneases cimsmecssrmmeacenses C2 
(415) 961-1323/Fax: (415) 961-1454 
Technical & Scientific Application. ...............eseeeeeeeeeees 41 
(800) 422-4872/Fax: (713) 935-1500 
Ted Dasher & Associates iciessssnescvessscccasesessovweeess oo 81 
(800) 638-4833/Fax: (205) 591-1108 
VESOB YT, IniGes s sacemmsins sceisigies scnitaianns ipianiess eaantiaess ane 79 
(310) 282-0420/ Fax: (310) 785-9566 
VIA Techn olopy swiisisiess iseicaaavinnersasessosnscascacnaass A 69 
(800) 842-8324 or (210) 227-7726 . 
MESS COEDS, ssiscuis'esirndayie'sie sicisropisions anertanaia smemiivciovsadiineetceaeae 61 


(800) 961-7840 or (919) 387-0076 


It’s Time For Your Performance Review 


System performance management demands a ¢ Take proactive control of your system’s 

great deal. You must deal with current workloads performance with very little effort. 

while optimizing user response times. * Better utilize system resources and improve 
Simultaneously, you must plan for the future, efficiency of the entire data processing operation. 


anticipating where new performance problems 
will occur. SOS/9000 Performance Advisor for 
HP-UX and SOS/X Performance Advisor for 

X Windows environment will help you maximize 
your 9000’s performance as well as provide you 
the information needed to effectively plan for 

the future. 


¢ Know the track record of your system’s 
performance to determine future resource needs. 


¢ Save thousands of dollars over other tools. 


¢ Let SOS/9000 Performance Advisor be your 
system performance “watchdog.” 


For more information or a Free demonstration copy 
Call Lund Performance Solutions Today! 541-926-3800 


— 240 2nd Ave. SW * Albany, OR 97321 USA 


i 7 bh | (541) 926-3800 © (541) 926-7723 (fax) 
PERFORMANCE SOLUTIONS — &-Mail: info@lund.com 


Performance Beyond Expectation — Visit our Web Site: www.lund.com S 0S / 9000 


CIRCLE 58 ON READER SERVICE CARD Performance Advisor 


KEA!" 700/98 


Introducing the superior 
choice for HP connectivity. 


Now there is a choice. 


Attachmate® now gives you 

a choice for HP connectivity 
with the launch of KEA! 700/98. 
It’s the only software for 

HP 3000, HP 9000, and VAX® 
connectivity — complete with 
TCP/IP and NS/VT protocols — 
right out of the box. 


KEA! 700/98 is a fully customizable, 
powerful |6- and 32-bit connectivity 
solution, with support for OLE 2.0, 
HLLAPI and Shuttle File Transfers. 
Plus you get the flexibility of TCP/IP, 
NS/VT and dial-out modem 
capability, all for one incredibly 

low price. 


Attachmate leads the industry in 
providing dependable host access — 
and we back every product with our 
world class customer support. 


So whether you're upgrading to 
Windows® 95 or Windows NT® 
now or later on, KEA! 700/98 is the 
right choice if you’re serious about 
your HP connectivity solution. 


To qualify for your free evaluation 
copy of KEA! 700/98, or other 
Attachmate products, 
call 
800-426-6283 or 
206-644-4010 and 
mention response 
code 622.00. 


For information on our Open 
Systems Medallion Program 
for Preferred Resellers, call 
604-294-9499. 


Or visit our Web site at 
www.attachmate.com/inx.htm 
CIRCLE 2 ON READER SERVICE CARD 


ATTACHMATI 


KEA! 


TFOO/9O8 
* Limited time offer for users of competitive HP connectivity software. 


d in USA. Attachmate is a registered trademark and KEA! is a trademark of Attachmate Corporation. HP is 
and Windows NT are registered trademarks of Microsoft Corporation. VAX is a registered trademark of 


7-0101 


marks or registered trademarks are the property of their respective owners 


